Bug 1915564
Summary: | sssd does not enforce smartcard auth for kde screen locker | ||||||
---|---|---|---|---|---|---|---|
Product: | Red Hat Enterprise Linux 9 | Reporter: | Orion Poplawski <orion> | ||||
Component: | sssd | Assignee: | Sumit Bose <sbose> | ||||
Status: | CLOSED ERRATA | QA Contact: | Scott Poore <spoore> | ||||
Severity: | unspecified | Docs Contact: | |||||
Priority: | unspecified | ||||||
Version: | 9.0 | CC: | aboscatt, atikhono, grajaiya, jhrozek, lslebodn, mzidek, pbrezina, sbose, sgadekar, spoore, thalman, tscherf | ||||
Target Milestone: | rc | Keywords: | Triaged | ||||
Target Release: | --- | ||||||
Hardware: | Unspecified | ||||||
OS: | Unspecified | ||||||
Whiteboard: | sync-to-jira | ||||||
Fixed In Version: | sssd-2.7.0-1.el9 | Doc Type: | If docs needed, set a value | ||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2022-11-15 11:17:20 UTC | Type: | Bug | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Attachments: |
|
Description
Orion Poplawski
2021-01-12 22:28:43 UTC
Hi, I'd like to try an reproduce the issue locally, which KDE packages are you using or do you build them on your own? bye, Sumit Thanks, I'm using the packages from Fedora EPEL. Any progress here or anything else I can provide to help? Thanks. Created attachment 1771951 [details]
test build
Hi,
thank you for you patience, please find attached a tar ball with a SSSD test build which should reject the login with the user password if you require Smartcard authentication.
In my test kscreenlocker displays the message asking to insert the proper Smartcard only for a very short time. I haven't found an option to make kscreenlocker to display it longer.
bye,
Sumit
That indeed appears to work, thanks! I'll take up the issue the message display with the KDE folks. Any chance this might make it into Stream soon? Upstream PR: https://github.com/SSSD/sssd/pull/6024 Pushed PR: https://github.com/SSSD/sssd/pull/6024 * `master` * 4d2277f8c3065771a8c3bbc7938309a4905640f0 - pam: better SC fallback message * 731b3e668c6a659922466aee7fa8093412707325 - pam: add more checks for require_cert_auth Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (sssd bug fix and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2022:8325 |