Bug 1937895
Summary: | SSSD update prompts for smartcard pin twice - After update to 7.9 | | |
---|---|---|---|
Product: | Red Hat Enterprise Linux 9 | Reporter: | cilmar <cilmar> |
Component: | sssd | Assignee: | Sumit Bose <sbose> |
Status: | CLOSED ERRATA | QA Contact: | Madhuri <mupadhye> |
Severity: | medium | Docs Contact: | |
Priority: | high | | |
Version: | 9.0 | CC: | aboscatt, atikhono, grajaiya, jhrozek, lslebodn, mzidek, pbrezina, sbose, sgadekar, spoore, thalman, tscherf |
Target Milestone: | beta | Keywords: | Triaged |
Target Release: | --- | Flags: | pm-rhel: mirror+ |
Hardware: | All | | |
OS: | Linux | | |
Whiteboard: | sync-to-jira | | |
Fixed In Version: | sssd-2.7.0-1.el9 | Doc Type: | If docs needed, set a value |
Doc Text: | | Story Points: | --- |
Clone Of: | | Environment: | |
Last Closed: | 2022-11-15 11:17:22 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | | Category: | --- |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | | | |
Comment 14
Alexey Tikhonov
2022-03-01 13:45:44 UTC
Pushed PR: https://github.com/SSSD/sssd/pull/6024

* `master`
  * 4d2277f8c3065771a8c3bbc7938309a4905640f0 - pam: better SC fallback message
  * 731b3e668c6a659922466aee7fa8093412707325 - pam: add more checks for require_cert_auth

Verified manually without IPA server,

[root@ci-vm-10-0-137-60 external_ca]# rpm -qa sssd
sssd-2.7.0-2.el9.x86_64

Setup:
1. Install packages including softhsm
2. Create the conf file softhsm
3. Create temp cert/key to initialize virt_cacard slot
4. Create virt_cacard service, start and enable it
5. Update sssd with match rule
6. Start
   # systemctl start pcscd virt_cacard sssd
7. Add local-user with expired cert.

Verification steps:
1. Install GDM packages
2. Here, we are using the expired cert; before login, we get a login window with the message, 'Please (re)insert (different) Smartcard'
3. After entering the pin, getting, 'Sorry, smart card authentication didn't work. Please try again'

The pin is not asked for in a loop and the error message is given, thus marking this as verified.

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory (sssd bug fix and enhancement update), and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2022:8325