Bug 1462005 - Smartcard reader removal does not lock the screen
Status: NEW
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: gnome-settings-daemon
7.4
Unspecified Unspecified
unspecified Severity unspecified
: rc
Assigned To: Rui Matos
Desktop QE
Reported: 2017-06-15 17:51 EDT by Roshni
Modified: 2017-07-03 11:04 EDT
Type: Bug
Description Roshni 2017-06-15 17:51:18 EDT
Description of problem:
Smartcard reader removal does not lock the screen

Version-Release number of selected component (if applicable):
opensc-0.16.0-5.20170227git777e2a3.el7.x86_64


How reproducible:
always

Steps to Reproduce:
1. Enable "Require smartcard for login" and "Lock" as removal action using authconfig
2. Reboot and login using smartcard
3. Remove the smartcard reader after login

Actual results:
Screen does not lock

Expected results:


Additional info:
Comment 2 Jakub Jelen 2017-06-16 08:21:39 EDT
Again,
I have no idea how to reproduce it. Can you point me to the test case you are executing? Add the commands that you ran? Specific changes you made in the configuration? Card you were using? Post some debug logs that would make it possible for me to see what could go wrong?
Comment 3 Roshni 2017-06-16 11:15:49 EDT
Some messages in journalctl

Jun 16 11:09:12 dhcp129-112.rdu.redhat.com fprintd[3542]: No devices in use, exit
Jun 16 11:10:01 dhcp129-112.rdu.redhat.com crond[3604]: pam_krb5[3604]: flag: debug
Jun 16 11:10:01 dhcp129-112.rdu.redhat.com crond[3604]: pam_krb5[3604]: flag: don't always_allow_localname
Jun 16 11:10:01 dhcp129-112.rdu.redhat.com crond[3604]: pam_krb5[3604]: flag: no ignore_afs
Jun 16 11:10:01 dhcp129-112.rdu.redhat.com crond[3604]: pam_krb5[3604]: flag: no null_afs
Jun 16 11:10:01 dhcp129-112.rdu.redhat.com crond[3604]: pam_krb5[3604]: flag: cred_session
Jun 16 11:10:01 dhcp129-112.rdu.redhat.com crond[3604]: pam_krb5[3604]: flag: no ignore_k5login
Jun 16 11:10:01 dhcp129-112.rdu.redhat.com crond[3604]: pam_krb5[3604]: flag: user_check
Jun 16 11:10:01 dhcp129-112.rdu.redhat.com crond[3604]: pam_krb5[3604]: will try previously set password first
Jun 16 11:10:01 dhcp129-112.rdu.redhat.com crond[3604]: pam_krb5[3604]: will let libkrb5 ask questions
Jun 16 11:10:01 dhcp129-112.rdu.redhat.com crond[3604]: pam_krb5[3604]: flag: no use_shmem
Jun 16 11:10:01 dhcp129-112.rdu.redhat.com crond[3604]: pam_krb5[3604]: flag: no external
Jun 16 11:10:01 dhcp129-112.rdu.redhat.com crond[3604]: pam_krb5[3604]: flag: no multiple_ccaches
Jun 16 11:10:01 dhcp129-112.rdu.redhat.com crond[3604]: pam_krb5[3604]: flag: validate
Jun 16 11:10:01 dhcp129-112.rdu.redhat.com crond[3604]: pam_krb5[3604]: flag: warn
Jun 16 11:10:01 dhcp129-112.rdu.redhat.com crond[3604]: pam_krb5[3604]: banner: Kerberos 5
Jun 16 11:10:01 dhcp129-112.rdu.redhat.com crond[3604]: pam_krb5[3604]: ccache dir: /tmp
Jun 16 11:10:01 dhcp129-112.rdu.redhat.com crond[3604]: pam_krb5[3604]: ccname template: KEYRING:persistent:%{uid}
Jun 16 11:10:01 dhcp129-112.rdu.redhat.com crond[3604]: pam_krb5[3604]: keytab: FILE:/etc/krb5.keytab
Jun 16 11:10:01 dhcp129-112.rdu.redhat.com crond[3604]: pam_krb5[3604]: token strategy: 2b
Jun 16 11:10:01 dhcp129-112.rdu.redhat.com crond[3604]: pam_krb5[3604]: no creds for user 'root', skipping session setup
Jun 16 11:10:01 dhcp129-112.rdu.redhat.com crond[3604]: pam_krb5[3604]: pam_setcred(PAM_ESTABLISH_CRED) returning 0 (Success)
Jun 16 11:10:01 dhcp129-112.rdu.redhat.com crond[3604]: (root) PAM ERROR (Failure setting user credentials)
Jun 16 11:10:01 dhcp129-112.rdu.redhat.com crond[3604]: (root) FAILED to authorize user with PAM (Failure setting user credentials)
Jun 16 11:10:38 dhcp129-112.rdu.redhat.com kernel: usb 5-1: USB disconnect, device number 4
Jun 16 11:10:38 dhcp129-112.rdu.redhat.com pcscd[1850]: 99999999 ccid_usb.c:693:WriteUSB() write failed (5/4): -4 No such device
Jun 16 11:10:38 dhcp129-112.rdu.redhat.com pcscd[1850]: 00000922 winscard.c:240:SCardConnect() Reader OMNIKEY AG CardMan 3021 00 00 Not Found
Jun 16 11:10:38 dhcp129-112.rdu.redhat.com gnome-settings-[2324]: Got potentially spurious smartcard event error: ffffe0a7.
Jun 16 11:10:38 dhcp129-112.rdu.redhat.com pcscd[1850]: 00131153 winscard.c:240:SCardConnect() Reader OMNIKEY AG CardMan 3021 00 00 Not Found
Jun 16 11:10:39 dhcp129-112.rdu.redhat.com gnome-settings-[2324]: Got potentially spurious smartcard event error: ffffe0a7.
Jun 16 11:10:39 dhcp129-112.rdu.redhat.com gnome-settings-[2324]: Got potentially spurious smartcard event error: ffffe0a7.
Jun 16 11:10:40 dhcp129-112.rdu.redhat.com gnome-settings-[2324]: Got potentially spurious smartcard event error: ffffe0a7.
Jun 16 11:10:40 dhcp129-112.rdu.redhat.com gnome-settings-[2324]: Got potentially spurious smartcard event error: ffffe0a7.
Jun 16 11:10:41 dhcp129-112.rdu.redhat.com gnome-settings-[2324]: Got potentially spurious smartcard event error: ffffe0a7.
Jun 16 11:10:41 dhcp129-112.rdu.redhat.com kernel: usb 5-1: new full-speed USB device number 5 using uhci_hcd
Jun 16 11:10:41 dhcp129-112.rdu.redhat.com gnome-settings-[2324]: Got potentially spurious smartcard event error: ffffe0a7.
Jun 16 11:10:41 dhcp129-112.rdu.redhat.com kernel: usb 5-1: New USB device found, idVendor=076b, idProduct=3021
Jun 16 11:10:41 dhcp129-112.rdu.redhat.com kernel: usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=0
Jun 16 11:10:41 dhcp129-112.rdu.redhat.com kernel: usb 5-1: Product: Smart Card Reader USB
Jun 16 11:10:41 dhcp129-112.rdu.redhat.com kernel: usb 5-1: Manufacturer: OMNIKEY AG
Jun 16 11:10:41 dhcp129-112.rdu.redhat.com mtp-probe[3619]: checking bus 5, device 5: "/sys/devices/pci0000:00/0000:00:1d.3/usb5/5-1"
Jun 16 11:10:41 dhcp129-112.rdu.redhat.com mtp-probe[3619]: bus: 5, device: 5 was not an MTP device
Jun 16 11:10:43 dhcp129-112.rdu.redhat.com xulrunner[3631]: g_slice_set_config: assertion 'sys_page_size == 0' failed


Info of the card used

[root@dhcp129-112 ~]# pkcs11-tool -O -l --module=/usr/lib64/opensc-pkcs11.so
Using slot 0 with a present token (0x0)
Logging in to "kdcuser2 (kdcuser2)".
Please enter User PIN: 
Private Key Object; RSA 
  label:      
  ID:         01
  Usage:      sign
Public Key Object; RSA 1024 bits
  label:      
  ID:         01
  Usage:      verify
Certificate Object; type = X.509 cert
  label:      signing key for kdcuser2
  ID:         01
Private Key Object; RSA 
  label:      
  ID:         02
  Usage:      decrypt, unwrap
Public Key Object; RSA 1024 bits
  label:      
  ID:         02
  Usage:      encrypt, wrap
Certificate Object; type = X.509 cert
  label:      encryption key for kdcuser2
  ID:         02
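
One way to correlate the three message types in the journal excerpt above (kernel USB disconnect, pcscd losing the reader, gnome-settings-daemon smartcard event errors), as an added example that is not part of the original bug report. The sample lines are a subset copied from that excerpt; the function names and the 5-second window are assumptions.

```python
import re
from datetime import datetime, timedelta

# Subset of the journal lines quoted in comment 3 above.
SAMPLE = """\
Jun 16 11:10:38 dhcp129-112.rdu.redhat.com kernel: usb 5-1: USB disconnect, device number 4
Jun 16 11:10:38 dhcp129-112.rdu.redhat.com pcscd[1850]: 00000922 winscard.c:240:SCardConnect() Reader OMNIKEY AG CardMan 3021 00 00 Not Found
Jun 16 11:10:38 dhcp129-112.rdu.redhat.com gnome-settings-[2324]: Got potentially spurious smartcard event error: ffffe0a7.
Jun 16 11:10:39 dhcp129-112.rdu.redhat.com gnome-settings-[2324]: Got potentially spurious smartcard event error: ffffe0a7.
Jun 16 11:10:41 dhcp129-112.rdu.redhat.com kernel: usb 5-1: new full-speed USB device number 5 using uhci_hcd
Jun 16 11:10:41 dhcp129-112.rdu.redhat.com gnome-settings-[2324]: Got potentially spurious smartcard event error: ffffe0a7.
"""

# syslog-style line: "Mon DD HH:MM:SS host process[pid]: message" (pid is optional)
LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ ([^\s:\[]+)(?:\[\d+\])?: (.*)$")


def parse(text, year=2017):
    """Return (timestamp, process, message) tuples; the journal omits the year."""
    events = []
    for raw in text.splitlines():
        m = LINE.match(raw.rstrip())
        if m:
            when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            events.append((when, m.group(2), m.group(3)))
    return events


def triage(text, window=timedelta(seconds=5)):
    """For each kernel USB disconnect, summarise pcscd and gnome-settings-daemon
    messages logged within `window` (an assumed correlation interval)."""
    events = parse(text)
    findings = []
    for when, proc, msg in events:
        if proc != "kernel" or "USB disconnect" not in msg:
            continue
        near = [(p, m) for t, p, m in events if when <= t <= when + window]
        gsd = [m for p, m in near
               if p.startswith("gnome-settings") and "smartcard event error" in m]
        findings.append({
            "disconnect_at": when.strftime("%H:%M:%S"),
            "pcscd_lost_reader": any(p == "pcscd" and m.endswith("Not Found")
                                     for p, m in near),
            "gsd_error_events": len(gsd),
            "gsd_error_codes": sorted({m.rsplit(" ", 1)[-1].rstrip(".") for m in gsd}),
        })
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

The summary only shows that the removal reached pcscd and that gnome-settings-daemon logged event errors in the same window; it does not say why the screen stayed unlocked.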
Comment 4 Jakub Jelen 2017-06-16 11:42:08 EDT
Not sure what could go wrong here from the above logs, nor was I able to interpret any of the above errors.
Moving to Gnome developers, who will hopefully have better insight into the gnome-settings code or will know how to debug it further in case it is needed.
