Red Hat Bugzilla – Bug 1163474
pam_pkcs11 with card_only breaks session selection
Last modified: 2015-03-05 08:22:11 EST
+++ This bug was initially created as a clone of Bug #1159056 +++ Description of problem: When using smartcard for auth, with password and fingerprint auth disabled, and pam_pkcs11 with card_only enabled, we cant choose any session other than the default (gnome classic). The card_only parameter is supposed to get the username from the card instead of prompting for it, but this does not seem to work. Not sure if problem lies in pam_pkcs11 or gdm. If I disable 'card_only' I get a prompt for username in the gdm login and then the session selection works fine. --- Additional comment from Ray Strode [halfline] on 2014-11-12 13:58:59 EST --- So I debugged this a little bit a few days ago with your colleague, Patrik Martinsson. There are two fixes needed. One on the gdm side is a change to handle when is to make sure we report the users session as soon as we find it in the case we don't know the username up front (such as is the case with smartcards) --- Additional comment from Ray Strode [halfline] on 2014-11-12 13:59:26 EST --- The second fix is a change to gnome-shell to make sure we don't inform GDM about session-changes in the gear menu that were made at the request of GDM (which is creating an oscillation between the two processes after the above patch is applied) I'll clone this bug against gnome-shell.
Created attachment 956854 [details] only emit session-activated signal when session selector is changed as a result of user interaction
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHSA-2015-0535.html