** Description changed: - [ Impact ] + [Impact] - * Starting from gnome-shell version 46.0, which is available in noble, logging in to the - Ubuntu system with smart card does not work. - - * Only workaround is to downgrade gnome-shell to a version 45.0 + * Starting from gnome-shell version 46.0, which is available in noble, logging in to the + Ubuntu system with smart card does not work. - * Login problem is caused by two seperate issues, one caused by the bug in the upstream [1], - second is related to ubuntu specific code added as part of patch: - gdm-util-Figure-out-default-service-from-service-definiti.patch - - * Upstream issue has been alraedy fixed with [2], issue was caused by feature - which was checking conflicting sessions during login. - - * To fix login problem, upstream patch needs to be backported as well as - ubuntu specific code fixed + * Only workaround is to downgrade gnome-shell to a version 45.0 - [ Test Plan ] + * Login problem is caused by two seperate issues, one caused by the bug in the upstream [1], + second is related to ubuntu specific code added as part of patch: + gdm-util-Figure-out-default-service-from-service-definiti.patch - * To reproduce an issue, smart card (with at least self signed certificate) is required. - - * The simplest steps to reproduce the problem: - 1. Create user "test" - 2. Configure sssd.conf: - root@rmalz:/etc/sssd# cat sssd.conf - [sssd] - services = pam - enable_files_domain = True - certificate_verification = no_verification + * Upstream issue has been alraedy fixed with [2], issue was caused by feature + which was checking conflicting sessions during login. - [certmap/implicit_files/test] - matchrule = <SUBJECT>.* + * To fix login problem, upstream patch needs to be backported as well as + ubuntu specific code fixed - [pam] - pam_cert_auth = True - 3. Enable smart card login: - pam-auth-update --disable sss-smart-card-required --enable sss-smart-card-optional + [Test Plan] - * With these settings, login "test" user. Two problems will occurr. - First, gnome-shell will not prompt for a smart card PIN and will continue to ask for password. - This is caused by incorrect detection of default auth service, issue introduced with: - gdm-util-Figure-out-default-service-from-service-definiti.patch - - Second, if first problem is fixed, login screen will freeze. This issue is caused by upstream - bug [1]. + * To reproduce an issue, smart card (with at least self signed + certificate) is required. - [ Where problems could occur ] + * The simplest steps to reproduce the problem: + 1. Create user "test" + 2. Configure sssd.conf: + root@rmalz:/etc/sssd# cat sssd.conf + [sssd] + services = pam + enable_files_domain = True + certificate_verification = no_verification - * Upstream patch is changing behavior of finding conflicting sessions, + [certmap/implicit_files/test] + matchrule = <SUBJECT>.* + + [pam] + pam_cert_auth = True + 3. Enable smart card login: + pam-auth-update --disable sss-smart-card-required --enable sss-smart-card-optional + + * With these settings, login "test" user. Two problems will occurr. + First, gnome-shell will not prompt for a smart card PIN and will continue to ask for password. + This is caused by incorrect detection of default auth service, issue introduced with: + gdm-util-Figure-out-default-service-from-service-definiti.patch + + Second, if first problem is fixed, login screen will freeze. This issue is caused by upstream + bug [1]. + + [Where problems could occur] + + * Upstream patch is changing behavior of finding conflicting sessions, possible risk of regression for non smart card cases - * There is additional patch [3], introduced as part of fix for [1]. It seems that this patch is fixing presentation issue - which is different from initial login problem and no part of this SRU. + * There is additional patch [3], introduced as part of fix for [1]. It seems that this patch is fixing presentation issue + which is different from initial login problem and no part of this SRU. - * Patches for both [2] and gdm-util-Figure-out-default-service-from-service-definiti.patch have been tested locally, allowing - to login without issues. + * Patches for both [2] and gdm-util-Figure-out-default-service-from-service-definiti.patch have been tested locally, allowing + to login without issues. - [ Other Info ] + [Other Info] - * Links: - [1] - https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/7526 - [2] - https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/3448/diffs?commit_id=e5d9a0fec869adbe610c46114afaede04f8c89e2 - [3] - https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/3448/diffs?commit_id=647747fbd6afef2f9f939682ab6527f3877ffbfb + * Links: + [1] - https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/7526 + [2] - https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/3448/diffs?commit_id=e5d9a0fec869adbe610c46114afaede04f8c89e2 + [3] - https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/3448/diffs?commit_id=647747fbd6afef2f9f939682ab6527f3877ffbfb - * Original case description: + * Original case description: Upstream report: https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/7526 Opening as part of response to support ticket. After boot, GDM does not prompt for smartcard authentication correctly. It is possible to strike Esc and get GDM to prompt for a username and a smartcard PIN from the initial locked-out state, but this does not start a new desktop session and instead hangs. Striking Esc allows for the login to be attempted again, but with the same results. Syslog entries include unhandled promise rejections from the onSessionOpened event in loginDialog, and perhaps more importantly also from the user verification stack that is used to create the initial authentication options prompt (stack traces of the syslog entries attached). Affects GDM 46.0-2ubuntu1 in Noble. To reproduce, configure smartcard auth for a network user on a new Noble install and try to sign in.
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2065432 Title: Unable to authenticate with smartcard: gnome-shell throws on unhandled promise rejection To manage notifications about this bug go to: https://bugs.launchpad.net/gnome-shell/+bug/2065432/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
