Bug 1163474

Summary: pam_pkcs11 with card_only breaks session selection
Product: Red Hat Enterprise Linux 7 Reporter: Ray Strode [halfline] <rstrode>
Component: gnome-shellAssignee: Florian Müllner <fmuellner>
Status: CLOSED ERRATA QA Contact: Desktop QE <desktop-qa-list>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 7.0CC: adam.winberg, desktop-qa-list, martinsson.patrik, mdomonko, tpelka, vbenes
Target Milestone: rc   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: gnome-shell-3.8.4-45.el7 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 1159056 Environment:
Last Closed: 2015-03-05 13:22:11 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1159056    
Attachments:
Description Flags
only emit session-activated signal when session selector is changed as a result of user interaction none

Description Ray Strode [halfline] 2014-11-12 19:00:44 UTC 
+++ This bug was initially created as a clone of Bug #1159056 +++

Description of problem:
When using smartcard for auth, with password and fingerprint auth disabled, and pam_pkcs11 with card_only enabled, we cant choose any session other than the default (gnome classic). The card_only parameter is supposed to get the username from the card instead of prompting for it, but this does not seem to work. Not sure if problem lies in pam_pkcs11 or gdm. If I disable 'card_only' I get a prompt for username in the gdm login and then the session selection works fine.  

--- Additional comment from Ray Strode [halfline] on 2014-11-12 13:58:59 EST ---

So I debugged this a little bit a few days ago with your colleague, Patrik Martinsson.

There are two fixes needed.  One on the gdm side is a change to handle when is to make sure we report the users session as soon as we find it in the case we don't know the username up front (such as is the case with smartcards)

--- Additional comment from Ray Strode [halfline] on 2014-11-12 13:59:26 EST ---

The second fix is a change to gnome-shell to make sure we don't inform GDM about session-changes in the gear menu that were made at the request of GDM (which is creating an oscillation between the two processes after the above patch is applied)

I'll clone this bug against gnome-shell.
Comment 1 Ray Strode [halfline] 2014-11-12 19:02:11 UTC 
Created attachment 956854 [details]
only emit session-activated signal when session selector is changed as a result of user interaction
Comment 10 errata-xmlrpc 2015-03-05 13:22:11 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2015-0535.html