Description of problem: Unlocking a locked screen using a smart card fails. Version-Release number of selected component (if applicable): pam_pkcs11-0.5.3-23 gdm-2.16.0-56.el5 coolkey-1.1.0-15.el5 authconfig-5.3.21-6.el5 Rhel 5.6 i386 from http://download.devel.redhat.com/nightly/RHEL5.6-Client-20101110.n/ How reproducible: Steps to Reproduce: 1. Authentication is configured as: Use smart card: ON Enforce smart card: OFF Log out behaviour configured to: Ignore 2. A smart card is enrolled for this user. 3. Import root CA certs onto /etc/pki/nssdb. 4. Logout. Login with the smart card. Success. 5. Lock the screen using the menu (System -> LockScreen). Leave the smart card inserted. 6. On the locked screen, move the mouse. Actual results: Gdm greeter display Username and a message "Smart card is inserted". Expected results: Smart card should be detected successfully and should request for smartcard pin. On entering correct pin, screen saver should be unlocked. Additional info: Remove the smart card from the smart card reader and re-insert it, gdm greeter does not recognize the token.
This request was evaluated by Red Hat Product Management for inclusion in the current release of Red Hat Enterprise Linux. Because the affected component is not scheduled to be updated in the current release, Red Hat is unfortunately unable to address this request at this time. Red Hat invites you to ask your support representative to propose this request, if appropriate and relevant, in the next release of Red Hat Enterprise Linux.
This may be a duplicate of bug 651868 What version of gnome-screensaver is installed? Does downgrading to gnome-screensaver-2.16.1-8.el5 fix the problem?
gnome-screensaver installed on the desktop is: gnome-screensaver-2.16.1-8.el5_5.1 Downgraded to http://download.devel.redhat.com/rel-eng/RHEL5.6-Client-20101029.0/5/i386/os/Client/gnome-screensaver-2.16.1-8.el5.i386.rpm, locked screen successfully unlocked with the smart card login.
*** This bug has been marked as a duplicate of bug 651868 ***
(reopening after talking to Asha so QE can independently test both bugs)
(clearly this gets pm_ack+ since bug 651868 already has pm_ack+ and they're manifestations of the same bug, just separated for QE convenience)
This is fixed implicitly by the fix for bug 651868 marking MODIFIED.
*** Bug 656022 has been marked as a duplicate of this bug. ***
Tested with gnome-screensaver-2.16.1-10.el5 downloaded from https://brewweb.devel.redhat.com/buildinfo?buildID=150074, screen lock/unlock works fine when logged in with a smart card. Tested following scenarios: 1. Authentication configured to Use smart card: ON Enforce smart card: OFF Log out behaviour configured to: Ignore. Login to the desktop with a smart card. Manually lock the screen by selecting menu item 'Lock Screen'. Mouse move prompts to enter password. Correct smart card pin unlocks the screen. 2. Authentication configured to Use smart card: ON Enforce smart card: OFF Log out behaviour configured to: Lock. Login to the desktop with a smart card. Remove the smart card from the hook. Screen gets locked. Re-insert the smart card. Correct smart card pin unlocks the screen. 3. Authentication configured to Use smart card: ON Enforce smart card: ON Log out behaviour configured to: Ignore. Login to the desktop with a smart card. Manually lock the screen by selecting menu item 'Lock Screen'. Mouse move prompts to enter password. Correct smart card pin unlocks the screen. 4. Authentication configured to Use smart card: ON Enforce smart card: ON Log out behaviour configured to: Lock. Login to the desktop with a smart card. Remove the smart card from the hook. Screen gets locked. Re-insert the smart card. Correct smart card pin unlocks the screen. 5. Authentication configured to Use smart card: ON Enforce smart card: OFF Log out behaviour configured to: Lock. Login to the desktop with a smart card. Screen gets locked due to inactivity. Move the mouse. Correct smart card pin unlocks the screen. Keeping this bug in Modified state since the build gnome-screensaver-2.16.1-10.el5 is not yet appeared in Rhel 5.6 snapshots to QE at http://download.devel.redhat.com/rel-eng/.
(In reply to comment #14) ...snip > > Keeping this bug in Modified state since the build > gnome-screensaver-2.16.1-10.el5 is not yet appeared in Rhel 5.6 snapshots to QE > at http://download.devel.redhat.com/rel-eng/. and it won't ever be as this bug was fixed in z-stream erratum https://errata.devel.redhat.com/errata/show/10318 and won't be incorporated into rhel5.6 sooner than this erratum is out from QE. And I see another confusion. This package (2.16.1-10.el5) won't be in rhel5.6 anyway as there will go the one from z-stream; 2.16.1-8.el5_5.2. So please if you can retest with z-stream package in z-stream bug and resend the results there it would be perfect. https://bugzilla.redhat.com/show_bug.cgi?id=657044 This one will be closed after a z-stream package will go out (several days) as exactly the same package will go into rhel5.6. Don't know why fixed in version says this as we have no erratum for rhel5.6. Thanks for understanding, Vladimir
Verified with gnome-screensaver-2.16.1-8.el5_5.2 on a Rhel 5.6 desktop, screen unlock works fine when logged in with a smart card. Tested all scenarios mentioned in https://bugzilla.redhat.com/show_bug.cgi?id=654896#c14, works as expected. > And I see another confusion. This package (2.16.1-10.el5) won't be in rhel5.6 > anyway as there will go the one from z-stream; 2.16.1-8.el5_5.2. So please if > you can retest with z-stream package in z-stream bug and resend the results > there it would be perfect. > > https://bugzilla.redhat.com/show_bug.cgi?id=657044 > > This one will be closed after a z-stream package will go out (several days) as > exactly the same package will go into rhel5.6. Don't know why fixed in version > says this as we have no erratum for rhel5.6. Ray, can you change the fixed in version to "gnome-screensaver-2.16.1-8.el5_5.2"? thanks, Asha
done, not sure what happened there.
Flipping the bug to verified.