Bug 990630

Summary: dconf should ship /etc/dconf/db/user and /etc/dconf/db/user.d and /etc/dconf/db/user.d/locks out of the box
Product: Red Hat Enterprise Linux 7 Reporter: Ray Strode [halfline] <rstrode>
Component: dconfAssignee: Marek Kašík <mkasik>
Status: CLOSED CURRENTRELEASE QA Contact: Desktop QE <desktop-qa-list>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 7.0CC: dspurek, jkoten, mclasen, pnemade, rstrode, vbenes
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: dconf-0.16.0-3.el7 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 990625 Environment:
Last Closed: 2014-04-24 12:57:15 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 854724    
Bug Blocks: 872586, 990625    

Description Ray Strode [halfline] 2013-07-31 15:18:34 UTC 
+++ This bug was initially created as a clone of Bug #990625 +++

The new login screen does not have smartcard support. It needs to be added back for RHEL7.

--- Additional comment from Ray Strode [halfline] on 2013-07-31 10:56:20 EDT ---

So i've built a new gdm, gnome-settings-daemon, and gnome-shell that bring back the bulk of this support.  we're going to need some authconfig changes to, since we no longer read the same configuration database as before.

i'll file that as a separate bug.

---


We basically need to set the gsettings key:

org.gnome.login-screen enable-smartcard-authentication

to false if smartcard support is toggled off (default is enabled).

We also need to set the gsettings key:

org.gnome.login-screen enable-password-authentication

(and potentially enable-fingerprint-authentication) to false if forceSmartcard is configured.

Unfortunately, there's no way to set these keys globally and locked down using gsettings.  We'll have to drop files in /etc/dconf/db/gdm.d, /etc/dconf/db/gdm.d/locks, /etc/dconf/db/user.d, and /etc/dconf/db/user.d/locks then run dconf update.

First we need to change dconf to ship /etc/dconf/db/user.d by default. I'll file a separate bug for that.
Comment 1 Ray Strode [halfline] 2013-07-31 15:47:09 UTC 
Okay i've created 3 system dbs

distro.d
site.d
local.d

distro.d is reserved for us, and the other two are for customers to use as they see fit.
Comment 6 Marek Kašík 2014-01-23 13:16:05 UTC 
*** Bug 1056072 has been marked as a duplicate of this bug. ***
Comment 7 Jiri Koten 2014-04-24 12:57:15 UTC 
Verified in dconf-0.16.0-6.el7

$ rpm -ql dconf
/etc/dconf
/etc/dconf/db
/etc/dconf/db/distro.d
/etc/dconf/db/distro.d/locks
/etc/dconf/db/local.d
/etc/dconf/db/local.d/locks
/etc/dconf/db/site.d
/etc/dconf/db/site.d/locks
...