Public bug reported:

Default common-auth with sssd is:

# here are the per-package modules (the "Primary" block)
auth [success=2 default=ignore] pam_unix.so nullok_secure
auth [success=1 default=ignore] pam_sss.so use_first_pass

However, this does not allow gdm to query the smartcard to determine the identity. Changing /usr/share/pam-configs/sss like:

--- /usr/share/pam-configs/sss.orig 2019-09-13 14:08:43.360118486 -0600 +++ /usr/share/pam-configs/sss 2019-09-13 10:07:34.799762334 -0600 @@ -1,12 +1,12 @@ Name: SSS authentication Default: yes -Priority: 128 +Priority: 512 Auth-Type: Primary Auth: [success=end default=ignore] pam_sss.so use_first_pass Auth-Initial: - [success=end default=ignore] pam_sss.so forward_pass + [success=end default=ignore] pam_sss.so forward_pass allow_missing_name Account-Type: Additional Account: sufficient pam_localuser.so

Generates:

# here are the per-package modules (the "Primary" block)
auth [success=2 default=ignore] pam_sss.so forward_pass allow_missing_name
auth [success=1 default=ignore] pam_unix.so nullok_secure try_first_pass

which allows this to work.

** Affects: sssd (Ubuntu)
Importance: Undecided
Status: New

https://bugs.launchpad.net/bugs/1843946

Title: pam_sss configuration is incorrect for smartcard usage
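
Review bot: The Priority change from 128 to 512 reorders the Primary block for every service that includes common-auth, not only gdm. In the generated output quoted in the report, pam_sss.so now runs before pam_unix.so, so password logins for local accounts are handed to pam_sss.so first. The profile or the change description should state why 512 was chosen and confirm that this ordering is intended for non-smartcard logins. Separately, allow_missing_name is added only on the Auth-Initial line while the Auth line still reads "pam_sss.so use_first_pass", so the smartcard lookup works only while this profile stays first in the Primary block; a comment in the profile saying so would help whoever adds a higher-priority profile later.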