Andreas:
- I've now added SSSD to the bug
- I had not uploaded the remaining bits yet as I was waiting for SSSD to hit
the queue first
- GNOME settings daemon is also uploaded now to the queue
- GDM will be uploaded soon by Jeremy
The bug has now been updated to have a proper SRU template, with all the
tests required to check all the 3 packages.
** Also affects: sssd (Ubuntu)
Importance: Undecided
Status: New
** Changed in: sssd (Ubuntu)
Status: New => In Progress
** Changed in: sssd (Ubuntu)
Assignee: (unassigned) => Marco Trevisan (Treviño) (3v1n0)
** No longer affects: gdm3 (Ubuntu Focal)
** No longer affects: gnome-settings-daemon (Ubuntu Focal)
** Also affects: gnome-settings-daemon (Ubuntu Focal)
Importance: Undecided
Status: New
** Also affects: sssd (Ubuntu Focal)
Importance: Undecided
Status: New
** Also affects: gdm3 (Ubuntu Focal)
Importance: Undecided
Status: New
** Changed in: gdm3 (Ubuntu Focal)
Importance: Undecided => High
** Changed in: gdm3 (Ubuntu Focal)
Assignee: (unassigned) => Marco Trevisan (Treviño) (3v1n0)
** Changed in: gnome-settings-daemon (Ubuntu Focal)
Importance: Undecided => Medium
** Changed in: gnome-settings-daemon (Ubuntu Focal)
Assignee: (unassigned) => Marco Trevisan (Treviño) (3v1n0)
** Changed in: sssd (Ubuntu Focal)
Status: New => In Progress
** Changed in: sssd (Ubuntu Focal)
Assignee: (unassigned) => Marco Trevisan (Treviño) (3v1n0)
** Changed in: gdm3 (Ubuntu Focal)
Status: New => In Progress
** Changed in: gnome-settings-daemon (Ubuntu Focal)
Status: New => In Progress
** Changed in: sssd (Ubuntu)
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to gnome-settings-daemon in Ubuntu.
https://bugs.launchpad.net/bugs/1865226
Title:
gdm-smartcard pam config needs to be updated for Ubuntu and installed
Status in GNOME Settings Daemon:
Fix Released
Status in gdm3 package in Ubuntu:
Fix Released
Status in gnome-settings-daemon package in Ubuntu:
Fix Released
Status in sssd package in Ubuntu:
Fix Released
Status in gdm3 source package in Focal:
In Progress
Status in gnome-settings-daemon source package in Focal:
In Progress
Status in sssd source package in Focal:
In Progress
Status in gdm3 package in Debian:
Fix Released
Bug description:
[ Impact ]
the pam profile for gdm-smartcard is missing. gdm refuses to login
with a smartcard. Looking at ubuntu/+source/gdm3, other pam files are
pregenerated into debian/ and installed from there; gdm-smartcard is
left out.
[ Test case ]
1. When in GDM, insert a smartcard
2. The GDM interface should require for an user
3. The user should be set (or empty may be provided,
depending on sssd configuration)
4. The smartcard PIN should be requested and once introduce the
user must login.
Note that this requires configuring sssd before, a simple local
configuration could require having sssd.conf filled with:
```ini
[sssd]
enable_files_domain = True
services = pam
[certmap/implicit_files/$USER]
matchrule = <SUBJECT>.*YOUR CARD IDENTIFIER*
[pam]
pam_cert_auth = True
```
The UI authentication can also be simulated via pamtester:
# Must be ran as user
sudo apt install pamtester
pamtester -v gdm-smartcard $USER authenticate
Expected output is
+ pamtester -v gdm-smartcard ubuntu authenticate
pamtester: invoking pam_start(gdm-smartcard, ubuntu, ...)
pamtester: performing operation - authenticate
PIN for Test Organization Sub Int Token:
pamtester: successfully authenticated
---
Alternatively, if no smartcard or hardware is available, this can be tested
and simulated using these scripts (they will reset the system setup at each
run, but it's suggested to run them in a VM, lxd container or in a test
installation):
https://gist.github.com/3v1n0/287d02ca8e03936f1c7bba992173d47a
- sudo apt install gdm3 pamtester softhsm2 openssl wget sssd gnutls-bin && \
sudo apt-mark auto gdm3 pamtester softhsm2 openssl wget sssd gnutls-bin
- wget
https://gist.github.com/3v1n0/287d02ca8e03936f1c7bba992173d47a/raw/sssd-gdm-smartcard-pam-auth-tester.sh
- wget
https://gist.github.com/3v1n0/287d02ca8e03936f1c7bba992173d47a/raw/sssd-softhism2-certificates-tests.sh
- sudo bash ./sssd-gdm-smartcard-pam-auth-tester.sh
The script will generate some fake CA authority, issue some
certificates, will install them in some software-based smartcards
(using softhsm2) and test that they work properly to login with gdm-
smartcard.
Using `WAIT` environment variable set (to any value) will make it to
restart gdm at each iteration so that an user can try to access, using
the username that launched the script and the pin of 123456.
[ Regression potential ]
Smartcard authentication using custom methods using via a custom
configured system nss database may not work anymore.
---
ProblemType: BugDistroRelease: Ubuntu 18.04
Package: gdm3 3.28.3-0ubuntu18.04.4
ProcVersionSignature: Ubuntu 5.3.0-24.26~18.04.2-generic 5.3.10
Uname: Linux 5.3.0-24-generic x86_64
NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair nvidia_modeset
nvidia
ApportVersion: 2.20.9-0ubuntu7.11
Architecture: amd64
CurrentDesktop: ubuntu:GNOME
Date: Fri Feb 28 14:30:30 2020
InstallationDate: Installed on 2016-05-23 (1376 days ago)
InstallationMedia: Ubuntu 16.04 LTS "Xenial Xerus" - Release amd64
(20160420.1)SourcePackage: gdm3
UpgradeStatus: No upgrade log present (probably fresh install)
mtime.conffile..etc.gdm3.Xsession: 2018-04-27T11:41:04.766901
To manage notifications about this bug go to:
https://bugs.launchpad.net/gnome-settings-daemon/+bug/1865226/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
