This service will be undergoing maintenance at 00:00 UTC, 2016-08-01. It is expected to last about 1 hours
Bug 654896 - Unlocking a locked screen using a smart card fails.
Unlocking a locked screen using a smart card fails.
Status: CLOSED CURRENTRELEASE
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: gnome-screensaver (Show other bugs)
5.5
Unspecified Unspecified
urgent Severity high
: rc
: ---
Assigned To: jmccann
Desktop QE
: Reopened, ZStream
: 656022 (view as bug list)
Depends On:
Blocks: 640580 657044
  Show dependency treegraph
 
Reported: 2010-11-18 18:26 EST by Asha Akkiangady
Modified: 2015-01-14 18:26 EST (History)
11 users (show)

See Also:
Fixed In Version: gnome-screensaver-2.16.1-8.el5_5.2
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-09-23 07:13:18 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Asha Akkiangady 2010-11-18 18:26:32 EST
Description of problem:
Unlocking a locked screen using a smart card fails.

Version-Release number of selected component (if applicable):
pam_pkcs11-0.5.3-23
gdm-2.16.0-56.el5
coolkey-1.1.0-15.el5
authconfig-5.3.21-6.el5

Rhel 5.6 i386 from http://download.devel.redhat.com/nightly/RHEL5.6-Client-20101110.n/

How reproducible:


Steps to Reproduce:
1. Authentication is configured as:
Use smart card: ON Enforce smart card: OFF Log out behaviour configured to: Ignore

2. A smart card is enrolled for this user.

3. Import root CA certs onto /etc/pki/nssdb.

4. Logout. Login with the smart card. Success.

5. Lock the screen using the menu (System -> LockScreen). Leave the smart card inserted.

6. On the locked screen, move the mouse.

  
Actual results:
Gdm greeter display Username and a message "Smart card is inserted". 

Expected results:
Smart card should be detected successfully and should request for smartcard pin. On entering correct pin, screen saver should be unlocked.

Additional info:
Remove the smart card from the smart card reader and re-insert it, gdm greeter does not recognize the token.
Comment 2 RHEL Product and Program Management 2010-11-19 14:40:24 EST
This request was evaluated by Red Hat Product Management for
inclusion in the current release of Red Hat Enterprise Linux.
Because the affected component is not scheduled to be updated in the
current release, Red Hat is unfortunately unable to address this
request at this time. Red Hat invites you to ask your support
representative to propose this request, if appropriate and relevant,
in the next release of Red Hat Enterprise Linux.
Comment 3 Ray Strode [halfline] 2010-11-22 14:34:45 EST
This may be a duplicate of bug 651868

What version of gnome-screensaver is installed?  Does downgrading to

gnome-screensaver-2.16.1-8.el5

fix the problem?
Comment 4 Asha Akkiangady 2010-11-22 16:06:52 EST
gnome-screensaver installed on the desktop is:  gnome-screensaver-2.16.1-8.el5_5.1

Downgraded to http://download.devel.redhat.com/rel-eng/RHEL5.6-Client-20101029.0/5/i386/os/Client/gnome-screensaver-2.16.1-8.el5.i386.rpm, locked screen successfully unlocked with the smart card login.
Comment 5 Ray Strode [halfline] 2010-11-22 16:14:22 EST

*** This bug has been marked as a duplicate of bug 651868 ***
Comment 6 Ray Strode [halfline] 2010-11-22 16:32:31 EST
(reopening after talking to Asha so QE can independently test both bugs)
Comment 7 RHEL Product and Program Management 2010-11-22 16:37:14 EST
This request was evaluated by Red Hat Product Management for
inclusion in the current release of Red Hat Enterprise Linux.
Because the affected component is not scheduled to be updated in the
current release, Red Hat is unfortunately unable to address this
request at this time. Red Hat invites you to ask your support
representative to propose this request, if appropriate and relevant,
in the next release of Red Hat Enterprise Linux.
Comment 8 Ray Strode [halfline] 2010-11-23 12:13:58 EST
(clearly this gets pm_ack+ since bug 651868 already has pm_ack+ and they're manifestations of the same bug, just separated for QE convenience)
Comment 9 RHEL Product and Program Management 2010-11-23 12:27:05 EST
This request was evaluated by Red Hat Product Management for
inclusion in the current release of Red Hat Enterprise Linux.
Because the affected component is not scheduled to be updated in the
current release, Red Hat is unfortunately unable to address this
request at this time. Red Hat invites you to ask your support
representative to propose this request, if appropriate and relevant,
in the next release of Red Hat Enterprise Linux.
Comment 11 Ray Strode [halfline] 2010-11-23 16:54:44 EST
This is fixed implicitly by the fix for bug 651868 marking MODIFIED.
Comment 13 Ray Strode [halfline] 2010-11-26 23:50:35 EST
*** Bug 656022 has been marked as a duplicate of this bug. ***
Comment 14 Asha Akkiangady 2010-11-29 12:01:03 EST
Tested with gnome-screensaver-2.16.1-10.el5 downloaded from https://brewweb.devel.redhat.com/buildinfo?buildID=150074, screen lock/unlock works fine when logged in with a smart card.

Tested following scenarios:

1. Authentication configured to Use smart card: ON Enforce smart card: OFF Log out behaviour configured to: Ignore. Login to the desktop with a smart card. Manually lock the screen by selecting menu item 'Lock Screen'. Mouse move prompts to enter password. Correct smart card pin unlocks the screen.

2. Authentication configured to Use smart card: ON Enforce smart card: OFF Log out behaviour configured to: Lock. Login to the desktop with a smart card. Remove the smart card from the hook. Screen gets locked. Re-insert the smart card. Correct smart card pin unlocks the screen.

3. Authentication configured to Use smart card: ON Enforce smart card: ON Log out behaviour configured to: Ignore. Login to the desktop with a smart card. Manually lock the screen by selecting menu item 'Lock Screen'. Mouse move prompts to enter password. Correct smart card pin unlocks the screen.

4. Authentication configured to Use smart card: ON Enforce smart card: ON Log out behaviour configured to: Lock. Login to the desktop with a smart card. Remove the smart card from the hook. Screen gets locked. Re-insert the smart card. Correct smart card pin unlocks the screen.

5. Authentication configured to Use smart card: ON Enforce smart card: OFF Log out behaviour configured to: Lock. Login to the desktop with a smart card. Screen gets locked due to inactivity. Move the mouse. Correct smart card pin 
unlocks the screen.

Keeping this bug in Modified state since the build gnome-screensaver-2.16.1-10.el5 is not yet appeared in Rhel 5.6 snapshots to QE at http://download.devel.redhat.com/rel-eng/.
Comment 15 Vladimir Benes 2010-11-29 12:24:03 EST
(In reply to comment #14)
...snip
> 
> Keeping this bug in Modified state since the build
> gnome-screensaver-2.16.1-10.el5 is not yet appeared in Rhel 5.6 snapshots to QE
> at http://download.devel.redhat.com/rel-eng/.

and it won't ever be as this bug was fixed in z-stream erratum  https://errata.devel.redhat.com/errata/show/10318

and won't be incorporated into rhel5.6 sooner than this erratum is out from QE. And I see another confusion. This package (2.16.1-10.el5) won't be in rhel5.6 anyway as there will go the one from z-stream; 2.16.1-8.el5_5.2. So please if you can retest with z-stream package in z-stream bug and resend the results there it would be perfect.

https://bugzilla.redhat.com/show_bug.cgi?id=657044

This one will be closed after a z-stream package will go out (several days) as exactly the same package will go into rhel5.6. Don't know why fixed in version says this as we have no erratum for rhel5.6.

Thanks for understanding,
Vladimir
Comment 16 Asha Akkiangady 2010-11-29 13:18:39 EST
Verified with gnome-screensaver-2.16.1-8.el5_5.2 on a Rhel 5.6 desktop, screen unlock works fine when logged in with a smart card.

Tested all scenarios mentioned in https://bugzilla.redhat.com/show_bug.cgi?id=654896#c14, works as expected.


> And I see another confusion. This package (2.16.1-10.el5) won't be in rhel5.6
> anyway as there will go the one from z-stream; 2.16.1-8.el5_5.2. So please if
> you can retest with z-stream package in z-stream bug and resend the results
> there it would be perfect.
>
> https://bugzilla.redhat.com/show_bug.cgi?id=657044
>
> This one will be closed after a z-stream package will go out (several days) as
> exactly the same package will go into rhel5.6. Don't know why fixed in version
> says this as we have no erratum for rhel5.6.


Ray, can you change the fixed in version to "gnome-screensaver-2.16.1-8.el5_5.2"?
thanks,
Asha
Comment 17 Ray Strode [halfline] 2010-11-30 10:19:50 EST
done, not sure what happened there.
Comment 18 Asha Akkiangady 2010-11-30 10:25:57 EST
Flipping the bug to verified.

Note You need to log in before you can comment on or make changes to this bug.