Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-50243

Please install sssd-polkit-rules by default

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Undefined Undefined
    • rhel-10.0.beta
    • rhel-10.0.beta
    • sssd
    • sssd-2.10.0~beta2-3.el10
    • None
    • Low
    • sst_idm_sssd
    • ssg_idm
    • 26
    • 26
    • 3
    • False
    • Hide

      None

      Show
      None
    • Yes
    • None
    • Bug Fix
    • Hide
      .`sssd-polkit-rules` package content moved to `sssd-common`

      Previously, if you needed to enable smart card support when the system security services daemon (SSSD) did not run as `root`, you had to install the `sssd-polkit-rules` package. The package provided `polkit` integration with SSSD. To resolve this issue, the `sssd-common` package now includes the content of the `sssd-polkit-rules` package and installation of a separate package is no longer required.
      Show
      .`sssd-polkit-rules` package content moved to `sssd-common` Previously, if you needed to enable smart card support when the system security services daemon (SSSD) did not run as `root`, you had to install the `sssd-polkit-rules` package. The package provided `polkit` integration with SSSD. To resolve this issue, the `sssd-common` package now includes the content of the `sssd-polkit-rules` package and installation of a separate package is no longer required.
    • Done
    • None

      What were you trying to do that didn't work?

      By not having this package installed in RHEL-10 systems by default we had problems with smart cards.

      Since in RHEL-10 p11_child has been running from sssd user and not from the root user, when we are trying to connect with smart cards pcsc-lite thows "pcscd[XXXX]: 00000000 ../src/auth.c:145:IsClientAuthorized() Process XXXX (user: XXX) is NOT authorized for action: access_pcsc"

      This is inconvenient and we can easily prevent it by having the package installed by default.

      Please provide the package NVR for which the bug is seen:

      sssd-2.10.0~beta2-1.el10.x86_64

      How reproducible:

      always

      Steps to reproduce

      1. Make sure you do not have sssd-polkit-rules installed
      2. Configure a user to be connected with a smart card
      3. Try to connect with a smart card

      Expected results

      It should ask for the pin of the card

      Actual results

      It ask for password

              atikhono@redhat.com Alexey Tikhonov
              rh-ee-gpantela George Pantelakis
              SSSD Maintainers SSSD Maintainers
              Scott Poore Scott Poore
              Louise McGarry Louise McGarry
              Votes:
              0 Vote for this issue
              Watchers:
              15 Start watching this issue

                Created:
                Updated: