This was fixed in ubuntu via 45.0.1-1ubuntu1:
gdm3 (45.0.1-1) unstable; urgency=high
* Team upload
[ Marco Trevisan (Treviño) ]
* debian/gdm3.gdm-smartcard-*: Always fallback to password auth if no SC
pam module is installed.
Both libpam_sss.so and libpam_pkcs11.so might be not be installed in a
system, in such case we should not make gdm to enforce the smartcart
authentication because that would just lock the user out if there are
other login allowed methods.
As per this, make these modules partially optional even in the exclusive
mode, given that we have not a strong dependency on such modules and so
inserting a smartcard is not enough to block a system, unless that's
configured.
Ideally we should not even try to proceed if the system is not fully
configured for smartcards, but that's something that can't be easily
controlled from modules settings, so let's just do the quickest thing.
(Mitigates: #1051659, #1051785)
* d/tests/sssd-softhism2-certificates-tests.sh: Cherry-pick upstream fixes
[ Simon McVittie ]
* New upstream release
- Fix an intermittent crash when unlocking the screen
- Translation updates: en_GB, ko, sv
* d/gdm3.links: Create a dconf profile named for the Debian-gdm user.
In upstream and Ubuntu gdm, the system username used for the greeter
is "gdm", but in Debian, for historical reasons it is "Debian-gdm".
Before version 45, the dconf profile name "gdm" was hard-coded,
but since version 45 it uses a profile name that matches the system
username (to allow gnome-initial-setup to have its own profile).
This resulted in the gdm greeter trying to use the ordinary
gnome.session instead of gnome-login.session, which caused login to
fail when the gnome-session package was not installed, and caused
settings in /etc/gdm3/greeter.dconf-defaults to be ineffective. Other
differences between gnome.session and gnome-login.session, potentially
including security hardening for the greeter, would also not have
been effective.
(Closes: #1052374, #1051671, #1051993)
* Set high urgency for the dconf profile fix
[ Helmut Grohne ]
* Avoid FTBFS when systemdsystemunitdir changes in systemd.pc
(Closes: #1052381)
-- Simon McVittie <[email protected]> Thu, 21 Sep 2023 13:12:44 +0100
** Changed in: gdm3 (Ubuntu)
Status: New => Fix Released
** Also affects: gdm3 (Ubuntu Jammy)
Importance: Undecided
Status: New
** Changed in: gdm3 (Ubuntu Jammy)
Importance: Undecided => Medium
** Changed in: gdm3 (Ubuntu Jammy)
Assignee: (unassigned) => Marco Trevisan (Treviño) (3v1n0)
** Changed in: gdm3 (Ubuntu Jammy)
Status: New => Fix Committed
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to gdm3 in Ubuntu.
https://bugs.launchpad.net/bugs/2090884
Title:
Logging in with a smartcard is not possible if sssd (libpam-sss) is
not installed
Status in gdm3 package in Ubuntu:
Fix Released
Status in gdm3 source package in Jammy:
Fix Committed
Bug description:
== Impact ==
Logging in with a smart card inserted fails if no module providing
smart card authentication is installed (as it's by default in 22.04).
== Test cases ==
Ensure this profile is set in gdm:
1. sudo update-alternatives --set gdm-smartcard
/etc/pam.d/gdm-smartcard-sssd-exclusive
2. sudo apt remove libpam-sss
3. sudo systemctl restart gdm
4. Login with gdm with a smartcard inserted (and not configured)
Repeat the same ensuring that libpam-pkcs11 is not installed and
/etc/pam.d/gdm-smartcard-pkcs11-exclusive is selected via update-
alternatives
1. sudo update-alternatives --set gdm-smartcard
/etc/pam.d/gdm-smartcard-pkcs11-exclusive
2. sudo apt remove libpam-pkcs11
3. sudo systemctl restart gdm
4. Login with gdm with a smartcard inserted (and not configured)
== Regression potential ==
Smart card authentication does not work anymore.
User is authenticated even though the smart card authentication
failed.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gdm3/+bug/2090884/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
