** Changed in: sssd (Ubuntu)
Status: Triaged => Incomplete
** Changed in: gdm3 (Ubuntu)
Assignee: (unassigned) => Marco Trevisan (Treviño) (3v1n0)
** Changed in: gdm3 (Ubuntu)
Status: Triaged => In Progress
** Also affects: sssd (Ubuntu Jammy)
Importance: Undecided
Status: New
** Also affects: gdm3 (Ubuntu Jammy)
Importance: Undecided
Status: New
** Also affects: sssd (Ubuntu Kinetic)
Importance: Undecided
Status: New
** Also affects: gdm3 (Ubuntu Kinetic)
Importance: Undecided
Status: New
** No longer affects: sssd (Ubuntu Jammy)
** No longer affects: sssd (Ubuntu Kinetic)
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to gdm3 in Ubuntu.
https://bugs.launchpad.net/bugs/1999884
Title:
gdm-smartcard not passing successful authentication to desktop at
system logon
Status in gdm3 package in Ubuntu:
In Progress
Status in sssd package in Ubuntu:
Incomplete
Status in gdm3 source package in Jammy:
New
Status in gdm3 source package in Kinetic:
New
Bug description:
For information I've repeated this entire process on RHEL8 and it
works there, it also was working upon last test on Ubuntu 20.04
Releases: 22.04 LTS and 22.10
Package Version (for reporting purposes): 43.0-1ubuntu1
Background:
System has been configured with sssd, krb5 and pkinit. All of these
packages confirm a successful connection to the Active Directory
Domain Controller. I have a YubiKey which has a CA generated
certificate on it (with all required uses/capabilities including sign)
and this is working fine on other systems.
Expected Behavior:
Insert YubiKey before boot. At the logon window press enter on the
Username field. Select the certificate, enter PIN when prompted.
Authenticate to desktop.
What is happening:
Insert YubiKey before boot. At the logon window press enter on the
Username field. Select the certificate, enter PIN when prompted.
Returns to Username field and does not log in.
Other:
This is a clean install of 22.10 updated to 16 Dec 2022. I also tried
the same thing with 22.04 LTS just in case.
I have enabled level 6 logging on SSSD and can confirm that side of
the entire process is fine. I can also log on with a password and do
a kinit <username> and get a valid kerberos ticket.
With some systematic tests, I managed to pinpoint the login is failing
after gdm-smartcard reports a successful login:
Dec 16 10:25:43 ubu-vm-2022 gdm-smartcard]: gkr-pam: stashed password to try
later in open session
Dec 16 10:26:22 ubu-vm-2022 gdm-smartcard]: pam_sss(gdm-smartcard:auth):
authentication success; logname= uid=0 euid=0 tty=/dev/tty1 ruser= rhost=
user=b...@authenticate.me.uk
I did not have this problem on 20.04.
ProblemType: Bug
DistroRelease: Ubuntu 22.10
Package: gdm3 43.0-1ubuntu1
ProcVersionSignature: Ubuntu 5.19.0-26.27-generic 5.19.7
Uname: Linux 5.19.0-26-generic x86_64
ApportVersion: 2.23.1-0ubuntu3
Architecture: amd64
CasperMD5CheckResult: pass
CurrentDesktop: ubuntu:GNOME
Date: Fri Dec 16 11:43:25 2022
InstallationDate: Installed on 2022-12-16 (0 days ago)
InstallationMedia: Ubuntu 22.10 "Kinetic Kudu" - Release amd64 (20221020)
SourcePackage: gdm3
UpgradeStatus: No upgrade log present (probably fresh install)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gdm3/+bug/1999884/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
