Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
First Last Prev Next    This bug is not in your last search results.
Bug 1413900 - Improve Smartcard integration if multiple certificates or multiple mapped identities are available
Improve Smartcard integration if multiple certificates or multiple mapped ide...
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: gdm (Show other bugs)
7.3
Unspecified Unspecified
urgent Severity high
: rc
: ---
Assigned To: Sumit Bose
Desktop QE
: OtherQA
Depends On:
Blocks: 1472344 1507614
  Show dependency treegraph
 
Reported: 2017-01-17 04:37 EST by Sumit Bose
Modified: 2018-05-17 10:39 EDT (History)
7 users (show)

See Also:
Fixed In Version: gdm-3.22.3-13.el7
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
: 1507614 (view as bug list)
Environment:
Last Closed: 2018-04-10 08:55:16 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Firefox Certificate Picker UI (184.72 KB, application/pdf)
2017-06-19 19:30 EDT, Tim Baldridge 		no flags Details
Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
GNOME Bugzilla 788851 None None None 2017-10-11 17:02 EDT
Red Hat Product Errata RHBA-2018:0770 None None None 2018-04-10 08:57 EDT

  None (edit)
Description Sumit Bose 2017-01-17 04:37:04 EST 
Description of problem:

Currently GDM Smartcard integration works great if the Smartcard contains only one certificate valid for authentication which is mapped to a single user.

But there are valid use cases where either multiple certificates valid for authentication are on the Smartcard or where a single certificate is mapped to multiple users. Please see https://fedorahosted.org/sssd/wiki/DesignDocs/SmartcardsAndMultipleIdentities for details.

While it would be possible for SSSD to handle the needed prompting it would imo improve the user experience if GDM can handle some of the prompting in a more appealing way.
Comment 1 Peter Magnusson 2017-02-22 10:21:53 EST 
I agree that this would be very useful. We are also using smartcards for login on rhel7. Some of our users have multiple certificates on their smartcards and they are not able to login on rhel7 as expected.
Comment 2 Tim Baldridge 2017-06-19 19:30 EDT 
Created attachment 1289340 [details]
Firefox Certificate Picker UI

A GDM certificate picker capability like the Firefox 54.0 on Windows 10 with the Security Modules and Devices HID ActivClient PKCS#11 Module would be ideal.
Comment 12 Roshni 2017-07-31 13:30:49 EDT 
Yes Tomas,

Myself and Scott can help with verifying this bug once the builds are available. CC'ing Scott to this bug.
Comment 27 Scott Poore 2017-11-16 15:30:43 EST 
Verified.

Version ::

sssd-1.16.0-6.el7.x86_64
gdm-3.26.2.1-3.el7.x86_64
gdm-pam-extensions-devel-3.26.2.1-3.el7.x86_64

Results ::

Setup env like in the sssd bug here:

https://bugzilla.redhat.com/show_bug.cgi?id=1507614#c5

Difference is that instead of listing with number selection, the new version of sssd pulled in gdm-pam-extensions-devel.  Now instead of entering a number, the user is able to click on the certificate to use.
Comment 30 errata-xmlrpc 2018-04-10 08:55:16 EDT 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:0770
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.