Red Hat Bugzilla – Bug 204978
Unable to log in as local user with smartcard inserted
Last modified: 2007-11-30 17:07:33 EST
Description of problem: Unable to log in as local user on vertual terminal with smartcard inserted, even if smartcard use is not in enforcing mode. Version-Release number of selected component (if applicable): esc-1.0.0-8.fc6 pam_pkcs11-0.5.3-14 coolkey-1.0.1-3 How reproducible: Always Steps to Reproduce: 1. Insert a smartcard 2. Go to a virtual terminal and try to log in Actual results: It will always try to assume you want to log in as the smartcard user, no matter what username you give (and will only allow you to login if you used the smartcard user's username and smartcard pin; it will not work with some other username and the smartcard pin, or with the actual password for that username). Expected results: Let you log in as someone other than the smartcard user if enforcing is not set. Additional info:
No, this is exactly how it is supposed to work. We work hard to make this so. If you have smart card login turned on, and you have inserted a smart card, you must login using that smart card.
Rob, Ah, hmm. Then... should one be able to log in remotely (ssh) as a non-smartcard user if the smartcard is inserted?
Currently ssh is not supported for smart card login, so the answer is no. (That's a 'next release' feature).
... I would have expected that, if ssh is not currently intended to be supported with smartcard, that smartcard insertion should _NOT_ effect it. Are you saying that the reverse is true?
I'm sorry I misunderstood the question. You are correct. The card insertion state will not affect ssh. Actually once ssh support is in, the card insertion state on the *console* should not affect ssh either. bob