Bug 204978 - Unable to log in as local user with smartcard inserted
Summary: Unable to log in as local user with smartcard inserted
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: pam_pkcs11
Version: 5.0
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
: ---
Assignee: Bob Relyea
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 181509
TreeView+ depends on / blocked
 
Reported: 2006-09-01 19:55 UTC by Suzanne Hillman
Modified: 2007-11-30 22:07 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2006-09-12 23:46:18 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)

Description Suzanne Hillman 2006-09-01 19:55:28 UTC
Description of problem:
Unable to log in as local user on vertual terminal with smartcard inserted, even
if smartcard use is not in enforcing mode.

Version-Release number of selected component (if applicable):
esc-1.0.0-8.fc6
pam_pkcs11-0.5.3-14
coolkey-1.0.1-3

How reproducible:
Always

Steps to Reproduce:
1. Insert a smartcard
2. Go to a virtual terminal and try to log in
  
Actual results:
It will always try to assume you want to log in as the smartcard user, no matter
what username you give (and will only allow you to login if you used the
smartcard user's username and smartcard pin; it will not work with some other
username and the smartcard pin, or with the actual password for that username).

Expected results:
Let you log in as someone other than the smartcard user if enforcing is not set.

Additional info:

Comment 1 Bob Relyea 2006-09-12 23:46:18 UTC
No, this is exactly how it is supposed to work. We work hard to make this so.

If you have smart card login turned on, and you have inserted a smart card, you
must login using that smart card.


Comment 2 Suzanne Hillman 2006-09-13 14:56:53 UTC
Rob,

Ah, hmm. Then... should one be able to log in remotely (ssh) as a non-smartcard
user if the smartcard is inserted?

Comment 3 Bob Relyea 2006-09-13 16:06:39 UTC
Currently ssh is not supported for smart card login, so the answer is no.
(That's a 'next release' feature).



Comment 4 Suzanne Hillman 2006-09-13 17:06:52 UTC
...

I would have expected that, if ssh is not currently intended to be supported
with smartcard, that smartcard insertion should _NOT_ effect it. Are you saying
that the reverse is true?

Comment 5 Bob Relyea 2006-09-13 17:12:58 UTC
I'm sorry I misunderstood the question. You are correct. The card insertion
state will not affect ssh.

Actually once ssh support is in, the card insertion state on the *console*
should not affect ssh either.

bob


Note You need to log in before you can comment on or make changes to this bug.