| 2020-02-28 21:34:58 |
pi-rho |
bug |
|
|
added bug |
| 2020-02-28 21:38:07 |
pi-rho |
bug |
|
|
added subscriber Sebastien Bacher |
| 2020-02-28 21:38:33 |
pi-rho |
bug |
|
|
added subscriber Leonidas S. Barbosa |
| 2020-03-06 14:38:43 |
Sebastien Bacher |
gdm3 (Ubuntu): importance |
Undecided |
Low |
|
| 2020-03-06 14:38:45 |
Sebastien Bacher |
gdm3 (Ubuntu): status |
New |
Confirmed |
|
| 2020-03-10 15:25:27 |
pi-rho |
bug watch added |
|
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953557 |
|
| 2020-03-10 15:25:27 |
pi-rho |
bug task added |
|
gdm |
|
| 2020-03-30 22:45:31 |
Bug Watch Updater |
gdm: status |
Unknown |
New |
|
| 2020-06-23 09:10:39 |
Dimitri John Ledkov |
bug task added |
|
pam (Ubuntu) |
|
| 2020-06-23 09:10:48 |
Dimitri John Ledkov |
tags |
amd64 apport-bug bionic third-party-packages |
amd64 apport-bug bionic rls-gg-incoming third-party-packages |
|
| 2020-06-23 10:01:34 |
Sebastien Bacher |
summary |
gdm3 fails to install /etc/pam.d/gdm-smartcard |
gdm-smartcard pam config needs to be updated for Ubuntu and installed |
|
| 2020-06-25 15:14:13 |
Dimitri John Ledkov |
pam (Ubuntu): status |
New |
Invalid |
|
| 2020-07-14 13:57:04 |
Martin Wimpress |
gdm3 (Ubuntu): assignee |
|
Marco Trevisan (Treviño) (3v1n0) |
|
| 2020-09-01 13:39:15 |
Ken VanDine |
nominated for series |
|
Ubuntu Groovy |
|
| 2020-09-01 13:39:15 |
Ken VanDine |
bug task added |
|
pam (Ubuntu Groovy) |
|
| 2020-09-01 13:39:15 |
Ken VanDine |
bug task added |
|
gdm3 (Ubuntu Groovy) |
|
| 2020-09-01 13:39:32 |
Ken VanDine |
tags |
amd64 apport-bug bionic rls-gg-incoming third-party-packages |
amd64 apport-bug bionic third-party-packages |
|
| 2020-09-25 16:01:06 |
Eric Desrochers |
bug |
|
|
added subscriber Eric Desrochers |
| 2020-09-25 17:50:39 |
Eric Desrochers |
gdm3 (Ubuntu Groovy): importance |
Low |
Medium |
|
| 2020-10-13 14:47:03 |
Eric Desrochers |
gdm3 (Ubuntu Groovy): importance |
Medium |
High |
|
| 2020-10-13 14:47:19 |
Eric Desrochers |
nominated for series |
|
Ubuntu Focal |
|
| 2020-10-13 14:47:19 |
Eric Desrochers |
bug task added |
|
pam (Ubuntu Focal) |
|
| 2020-10-13 14:47:19 |
Eric Desrochers |
bug task added |
|
gdm3 (Ubuntu Focal) |
|
| 2020-10-13 14:47:19 |
Eric Desrochers |
nominated for series |
|
Ubuntu Bionic |
|
| 2020-10-13 14:47:19 |
Eric Desrochers |
bug task added |
|
pam (Ubuntu Bionic) |
|
| 2020-10-13 14:47:19 |
Eric Desrochers |
bug task added |
|
gdm3 (Ubuntu Bionic) |
|
| 2020-10-13 14:47:27 |
Eric Desrochers |
gdm3 (Ubuntu Focal): status |
New |
Confirmed |
|
| 2020-10-13 14:47:29 |
Eric Desrochers |
gdm3 (Ubuntu Focal): importance |
Undecided |
High |
|
| 2020-10-13 14:47:31 |
Eric Desrochers |
gdm3 (Ubuntu Bionic): importance |
Undecided |
High |
|
| 2020-10-13 20:11:55 |
Steve Langasek |
pam (Ubuntu Bionic): status |
New |
Invalid |
|
| 2020-10-13 20:11:56 |
Steve Langasek |
pam (Ubuntu Focal): status |
New |
Invalid |
|
| 2020-10-15 14:59:58 |
Dariusz Gadomski |
bug |
|
|
added subscriber Dariusz Gadomski |
| 2020-11-03 14:39:02 |
Sebastien Bacher |
gdm3 (Ubuntu Focal): assignee |
|
Marco Trevisan (Treviño) (3v1n0) |
|
| 2020-11-14 01:49:24 |
Marco Trevisan (Treviño) |
bug task added |
|
gnome-settings-daemon (Ubuntu) |
|
| 2020-11-14 01:50:05 |
Marco Trevisan (Treviño) |
gnome-settings-daemon (Ubuntu): importance |
Undecided |
Medium |
|
| 2020-11-14 01:50:05 |
Marco Trevisan (Treviño) |
gnome-settings-daemon (Ubuntu): status |
New |
In Progress |
|
| 2020-11-14 01:50:05 |
Marco Trevisan (Treviño) |
gnome-settings-daemon (Ubuntu): assignee |
|
Marco Trevisan (Treviño) (3v1n0) |
|
| 2020-11-14 01:50:43 |
Marco Trevisan (Treviño) |
bug watch added |
|
https://gitlab.gnome.org/GNOME/gnome-settings-daemon/-/issues/260 |
|
| 2020-11-14 01:50:43 |
Marco Trevisan (Treviño) |
bug task added |
|
gnome-settings-daemon |
|
| 2020-11-14 01:51:05 |
Marco Trevisan (Treviño) |
bug task deleted |
gnome-settings-daemon (Ubuntu Bionic) |
|
|
| 2020-11-17 14:32:45 |
Sebastien Bacher |
gdm3 (Ubuntu Bionic): assignee |
|
Marco Trevisan (Treviño) (3v1n0) |
|
| 2020-11-17 14:38:06 |
Sebastien Bacher |
gdm3 (Ubuntu Bionic): status |
New |
Won't Fix |
|
| 2020-11-17 14:46:20 |
Sebastien Bacher |
gnome-settings-daemon (Ubuntu Focal): assignee |
|
Marco Trevisan (Treviño) (3v1n0) |
|
| 2020-11-17 14:46:34 |
Sebastien Bacher |
gnome-settings-daemon (Ubuntu Groovy): assignee |
|
Marco Trevisan (Treviño) (3v1n0) |
|
| 2021-02-22 20:49:55 |
Mathew Hodson |
bug task deleted |
pam (Ubuntu) |
|
|
| 2021-02-22 20:50:04 |
Mathew Hodson |
bug task deleted |
pam (Ubuntu Bionic) |
|
|
| 2021-02-22 20:50:11 |
Mathew Hodson |
bug task deleted |
pam (Ubuntu Focal) |
|
|
| 2021-02-22 20:50:20 |
Mathew Hodson |
bug task deleted |
pam (Ubuntu Groovy) |
|
|
| 2021-02-22 20:51:07 |
Mathew Hodson |
bug task added |
|
gdm3 (Debian) |
|
| 2021-02-22 20:52:24 |
Mathew Hodson |
affects |
gdm |
ubuntu-translations |
|
| 2021-02-22 20:52:24 |
Mathew Hodson |
ubuntu-translations: importance |
Unknown |
Undecided |
|
| 2021-02-22 20:52:24 |
Mathew Hodson |
ubuntu-translations: remote watch |
Debian Bug tracker #953557 |
|
|
| 2021-02-22 20:52:35 |
Mathew Hodson |
bug task deleted |
ubuntu-translations |
|
|
| 2021-02-23 09:26:14 |
Bug Watch Updater |
gdm3 (Debian): status |
Unknown |
New |
|
| 2021-02-25 07:31:52 |
Marco Trevisan (Treviño) |
gdm3 (Ubuntu Groovy): status |
Confirmed |
In Progress |
|
| 2021-02-25 07:32:00 |
Marco Trevisan (Treviño) |
bug task deleted |
gdm3 (Ubuntu Groovy) |
|
|
| 2021-02-25 07:32:04 |
Marco Trevisan (Treviño) |
bug task deleted |
gnome-settings-daemon (Ubuntu Groovy) |
|
|
| 2021-02-25 07:32:17 |
Marco Trevisan (Treviño) |
gdm3 (Ubuntu): status |
Confirmed |
In Progress |
|
| 2021-02-25 07:32:19 |
Marco Trevisan (Treviño) |
gnome-settings-daemon (Ubuntu): status |
In Progress |
Fix Committed |
|
| 2021-02-25 17:00:48 |
Launchpad Janitor |
merge proposal linked |
|
https://code.launchpad.net/~3v1n0/ubuntu-seeds/+git/ubuntu-seeds/+merge/398722 |
|
| 2021-02-25 21:37:09 |
Launchpad Janitor |
gnome-settings-daemon (Ubuntu): status |
Fix Committed |
Fix Released |
|
| 2021-02-27 06:47:35 |
Bug Watch Updater |
gdm3 (Debian): status |
New |
Fix Released |
|
| 2021-02-27 21:48:08 |
Launchpad Janitor |
gdm3 (Ubuntu): status |
In Progress |
Fix Released |
|
| 2021-02-27 21:48:08 |
Launchpad Janitor |
cve linked |
|
2020-16125 |
|
| 2021-03-02 03:09:20 |
Mathew Hodson |
bug task deleted |
gdm3 (Ubuntu Bionic) |
|
|
| 2021-03-02 03:09:26 |
Mathew Hodson |
gnome-settings-daemon (Ubuntu Focal): importance |
Undecided |
Medium |
|
| 2021-04-06 16:15:02 |
David Coronel |
bug |
|
|
added subscriber David Coronel |
| 2021-07-12 14:10:38 |
Dan Streetman |
bug |
|
|
added subscriber Dan Streetman |
| 2021-12-10 10:52:18 |
Sebastien Bacher |
tags |
amd64 apport-bug bionic third-party-packages |
amd64 apport-bug bionic dt-194 third-party-packages |
|
| 2022-05-20 16:02:55 |
Bug Watch Updater |
gnome-settings-daemon: status |
Unknown |
New |
|
| 2023-01-27 19:59:33 |
Launchpad Janitor |
merge proposal linked |
|
https://code.launchpad.net/~3v1n0/ubuntu/+source/sssd/+git/sssd/+merge/436361 |
|
| 2023-01-27 22:38:16 |
Dan Streetman |
removed subscriber Dan Streetman |
|
|
|
| 2023-01-31 04:30:58 |
Marco Trevisan (Treviño) |
gdm3 (Ubuntu Focal): status |
Confirmed |
In Progress |
|
| 2023-01-31 04:31:03 |
Marco Trevisan (Treviño) |
gnome-settings-daemon (Ubuntu Focal): status |
New |
In Progress |
|
| 2023-09-02 09:44:03 |
Ubuntu Archive Robot |
bug |
|
|
added subscriber Sergio Durigan Junior |
| 2023-09-06 04:37:16 |
Bug Watch Updater |
gnome-settings-daemon: status |
New |
Fix Released |
|
| 2023-09-08 01:06:46 |
Marco Trevisan (Treviño) |
description |
the pam profile for gdm-smartcard is missing. gdm refuses to login with a smartcard. Looking at ubuntu/+source/gdm3, other pam files are pregenerated into debian/ and installed from there; gdm-smartcard is left out.
ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: gdm3 3.28.3-0ubuntu18.04.4
ProcVersionSignature: Ubuntu 5.3.0-24.26~18.04.2-generic 5.3.10
Uname: Linux 5.3.0-24-generic x86_64
NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair nvidia_modeset nvidia
ApportVersion: 2.20.9-0ubuntu7.11
Architecture: amd64
CurrentDesktop: ubuntu:GNOME
Date: Fri Feb 28 14:30:30 2020
InstallationDate: Installed on 2016-05-23 (1376 days ago)
InstallationMedia: Ubuntu 16.04 LTS "Xenial Xerus" - Release amd64 (20160420.1)
SourcePackage: gdm3
UpgradeStatus: No upgrade log present (probably fresh install)
mtime.conffile..etc.gdm3.Xsession: 2018-04-27T11:41:04.766901 |
[ Impact ]
the pam profile for gdm-smartcard is missing. gdm refuses to login with a smartcard. Looking at ubuntu/+source/gdm3, other pam files are pregenerated into debian/ and installed from there; gdm-smartcard is left out.
[ Test case ]
1. When in GDM, insert a smartcard
2. The GDM interface should require for an user
3. The user should be set (or empty may be provided,
depending on sssd configuration)
4. The smartcard PIN should be requested and once introduce the
user must login.
Note that this requires configuring sssd before, a simple local configuration could require having sssd.conf filled with:
```ini
[sssd]
enable_files_domain = True
services = pam
[certmap/implicit_files/$USER]
matchrule = <SUBJECT>.*YOUR CARD IDENTIFIER*
[pam]
pam_cert_auth = True
```
The UI authentication can also be simulated via pamtester:
# Must be ran as user
sudo apt install pamtester
pamtester -v gdm-smartcard $USER authenticate
Expected output is
+ pamtester -v gdm-smartcard ubuntu authenticate
pamtester: invoking pam_start(gdm-smartcard, ubuntu, ...)
pamtester: performing operation - authenticate
PIN for Test Organization Sub Int Token:
pamtester: successfully authenticated
[ Regression potential ]
Smartcard authentication using custom methods using via a custom configured system nss database may not work anymore.
---
ProblemType: BugDistroRelease: Ubuntu 18.04
Package: gdm3 3.28.3-0ubuntu18.04.4
ProcVersionSignature: Ubuntu 5.3.0-24.26~18.04.2-generic 5.3.10
Uname: Linux 5.3.0-24-generic x86_64
NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair nvidia_modeset nvidia
ApportVersion: 2.20.9-0ubuntu7.11
Architecture: amd64
CurrentDesktop: ubuntu:GNOME
Date: Fri Feb 28 14:30:30 2020
InstallationDate: Installed on 2016-05-23 (1376 days ago)
InstallationMedia: Ubuntu 16.04 LTS "Xenial Xerus" - Release amd64 (20160420.1)SourcePackage: gdm3
UpgradeStatus: No upgrade log present (probably fresh install)
mtime.conffile..etc.gdm3.Xsession: 2018-04-27T11:41:04.766901 |
|
| 2023-09-08 01:08:28 |
Marco Trevisan (Treviño) |
description |
[ Impact ]
the pam profile for gdm-smartcard is missing. gdm refuses to login with a smartcard. Looking at ubuntu/+source/gdm3, other pam files are pregenerated into debian/ and installed from there; gdm-smartcard is left out.
[ Test case ]
1. When in GDM, insert a smartcard
2. The GDM interface should require for an user
3. The user should be set (or empty may be provided,
depending on sssd configuration)
4. The smartcard PIN should be requested and once introduce the
user must login.
Note that this requires configuring sssd before, a simple local configuration could require having sssd.conf filled with:
```ini
[sssd]
enable_files_domain = True
services = pam
[certmap/implicit_files/$USER]
matchrule = <SUBJECT>.*YOUR CARD IDENTIFIER*
[pam]
pam_cert_auth = True
```
The UI authentication can also be simulated via pamtester:
# Must be ran as user
sudo apt install pamtester
pamtester -v gdm-smartcard $USER authenticate
Expected output is
+ pamtester -v gdm-smartcard ubuntu authenticate
pamtester: invoking pam_start(gdm-smartcard, ubuntu, ...)
pamtester: performing operation - authenticate
PIN for Test Organization Sub Int Token:
pamtester: successfully authenticated
[ Regression potential ]
Smartcard authentication using custom methods using via a custom configured system nss database may not work anymore.
---
ProblemType: BugDistroRelease: Ubuntu 18.04
Package: gdm3 3.28.3-0ubuntu18.04.4
ProcVersionSignature: Ubuntu 5.3.0-24.26~18.04.2-generic 5.3.10
Uname: Linux 5.3.0-24-generic x86_64
NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair nvidia_modeset nvidia
ApportVersion: 2.20.9-0ubuntu7.11
Architecture: amd64
CurrentDesktop: ubuntu:GNOME
Date: Fri Feb 28 14:30:30 2020
InstallationDate: Installed on 2016-05-23 (1376 days ago)
InstallationMedia: Ubuntu 16.04 LTS "Xenial Xerus" - Release amd64 (20160420.1)SourcePackage: gdm3
UpgradeStatus: No upgrade log present (probably fresh install)
mtime.conffile..etc.gdm3.Xsession: 2018-04-27T11:41:04.766901 |
[ Impact ]
the pam profile for gdm-smartcard is missing. gdm refuses to login with a smartcard. Looking at ubuntu/+source/gdm3, other pam files are pregenerated into debian/ and installed from there; gdm-smartcard is left out.
[ Test case ]
1. When in GDM, insert a smartcard
2. The GDM interface should require for an user
3. The user should be set (or empty may be provided,
depending on sssd configuration)
4. The smartcard PIN should be requested and once introduce the
user must login.
Note that this requires configuring sssd before, a simple local configuration could require having sssd.conf filled with:
```ini
[sssd]
enable_files_domain = True
services = pam
[certmap/implicit_files/$USER]
matchrule = <SUBJECT>.*YOUR CARD IDENTIFIER*
[pam]
pam_cert_auth = True
```
The UI authentication can also be simulated via pamtester:
# Must be ran as user
sudo apt install pamtester
pamtester -v gdm-smartcard $USER authenticate
Expected output is
+ pamtester -v gdm-smartcard ubuntu authenticate
pamtester: invoking pam_start(gdm-smartcard, ubuntu, ...)
pamtester: performing operation - authenticate
PIN for Test Organization Sub Int Token:
pamtester: successfully authenticated
---
Alternatively, if no smartcard or hardware is available, this can be tested and simulated using these scripts (they will reset the system setup at each run, but it's suggested to run them in a VM, lxd container or in a test installation):
https://gist.github.com/3v1n0/287d02ca8e03936f1c7bba992173d47a
- sudo apt install gdm3 pamtester softhsm2 openssl wget sssd gnutls-bin && \
sudo apt-mark auto gdm3 pamtester softhsm2 openssl wget sssd gnutls-bin
- wget https://gist.github.com/3v1n0/287d02ca8e03936f1c7bba992173d47a/raw/sssd-gdm-smartcard-pam-auth-tester.sh
- sudo sssd-gdm-smartcard-pam-auth-tester.sh
The script will generate some fake CA authority, issue some certificates, will install them in some software-based smartcards (using softhsm2) and test that they work properly to login with gdm-smartcard.
Using `WAIT` environment variable set (to any value) will make it to restart gdm at each iteration so that an user can try to access, using the username that launched the script and the pin of 123456.
[ Regression potential ]
Smartcard authentication using custom methods using via a custom configured system nss database may not work anymore.
---
ProblemType: BugDistroRelease: Ubuntu 18.04
Package: gdm3 3.28.3-0ubuntu18.04.4
ProcVersionSignature: Ubuntu 5.3.0-24.26~18.04.2-generic 5.3.10
Uname: Linux 5.3.0-24-generic x86_64
NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair nvidia_modeset nvidia
ApportVersion: 2.20.9-0ubuntu7.11
Architecture: amd64
CurrentDesktop: ubuntu:GNOME
Date: Fri Feb 28 14:30:30 2020
InstallationDate: Installed on 2016-05-23 (1376 days ago)
InstallationMedia: Ubuntu 16.04 LTS "Xenial Xerus" - Release amd64 (20160420.1)SourcePackage: gdm3
UpgradeStatus: No upgrade log present (probably fresh install)
mtime.conffile..etc.gdm3.Xsession: 2018-04-27T11:41:04.766901 |
|
| 2023-09-08 01:16:56 |
Marco Trevisan (Treviño) |
bug task added |
|
sssd (Ubuntu) |
|
| 2023-09-08 01:18:04 |
Marco Trevisan (Treviño) |
sssd (Ubuntu): status |
New |
In Progress |
|
| 2023-09-08 01:18:08 |
Marco Trevisan (Treviño) |
sssd (Ubuntu): assignee |
|
Marco Trevisan (Treviño) (3v1n0) |
|
| 2023-09-08 01:18:42 |
Marco Trevisan (Treviño) |
bug task deleted |
gdm3 (Ubuntu Focal) |
|
|
| 2023-09-08 01:18:45 |
Marco Trevisan (Treviño) |
bug task deleted |
gnome-settings-daemon (Ubuntu Focal) |
|
|
| 2023-09-08 01:18:56 |
Marco Trevisan (Treviño) |
nominated for series |
|
Ubuntu Focal |
|
| 2023-09-08 01:18:57 |
Marco Trevisan (Treviño) |
bug task added |
|
gnome-settings-daemon (Ubuntu Focal) |
|
| 2023-09-08 01:18:57 |
Marco Trevisan (Treviño) |
bug task added |
|
sssd (Ubuntu Focal) |
|
| 2023-09-08 01:18:57 |
Marco Trevisan (Treviño) |
bug task added |
|
gdm3 (Ubuntu Focal) |
|
| 2023-09-08 01:19:11 |
Marco Trevisan (Treviño) |
gdm3 (Ubuntu Focal): importance |
Undecided |
High |
|
| 2023-09-08 01:19:11 |
Marco Trevisan (Treviño) |
gdm3 (Ubuntu Focal): assignee |
|
Marco Trevisan (Treviño) (3v1n0) |
|
| 2023-09-08 01:19:12 |
Marco Trevisan (Treviño) |
gnome-settings-daemon (Ubuntu Focal): importance |
Undecided |
Medium |
|
| 2023-09-08 01:19:12 |
Marco Trevisan (Treviño) |
gnome-settings-daemon (Ubuntu Focal): assignee |
|
Marco Trevisan (Treviño) (3v1n0) |
|
| 2023-09-08 01:19:14 |
Marco Trevisan (Treviño) |
sssd (Ubuntu Focal): status |
New |
In Progress |
|
| 2023-09-08 01:19:14 |
Marco Trevisan (Treviño) |
sssd (Ubuntu Focal): assignee |
|
Marco Trevisan (Treviño) (3v1n0) |
|
| 2023-09-08 01:19:27 |
Marco Trevisan (Treviño) |
gdm3 (Ubuntu Focal): status |
New |
In Progress |
|
| 2023-09-08 01:19:30 |
Marco Trevisan (Treviño) |
gnome-settings-daemon (Ubuntu Focal): status |
New |
In Progress |
|
| 2023-09-08 01:19:34 |
Marco Trevisan (Treviño) |
sssd (Ubuntu): status |
In Progress |
Fix Released |
|
| 2023-09-08 01:29:01 |
Marco Trevisan (Treviño) |
description |
[ Impact ]
the pam profile for gdm-smartcard is missing. gdm refuses to login with a smartcard. Looking at ubuntu/+source/gdm3, other pam files are pregenerated into debian/ and installed from there; gdm-smartcard is left out.
[ Test case ]
1. When in GDM, insert a smartcard
2. The GDM interface should require for an user
3. The user should be set (or empty may be provided,
depending on sssd configuration)
4. The smartcard PIN should be requested and once introduce the
user must login.
Note that this requires configuring sssd before, a simple local configuration could require having sssd.conf filled with:
```ini
[sssd]
enable_files_domain = True
services = pam
[certmap/implicit_files/$USER]
matchrule = <SUBJECT>.*YOUR CARD IDENTIFIER*
[pam]
pam_cert_auth = True
```
The UI authentication can also be simulated via pamtester:
# Must be ran as user
sudo apt install pamtester
pamtester -v gdm-smartcard $USER authenticate
Expected output is
+ pamtester -v gdm-smartcard ubuntu authenticate
pamtester: invoking pam_start(gdm-smartcard, ubuntu, ...)
pamtester: performing operation - authenticate
PIN for Test Organization Sub Int Token:
pamtester: successfully authenticated
---
Alternatively, if no smartcard or hardware is available, this can be tested and simulated using these scripts (they will reset the system setup at each run, but it's suggested to run them in a VM, lxd container or in a test installation):
https://gist.github.com/3v1n0/287d02ca8e03936f1c7bba992173d47a
- sudo apt install gdm3 pamtester softhsm2 openssl wget sssd gnutls-bin && \
sudo apt-mark auto gdm3 pamtester softhsm2 openssl wget sssd gnutls-bin
- wget https://gist.github.com/3v1n0/287d02ca8e03936f1c7bba992173d47a/raw/sssd-gdm-smartcard-pam-auth-tester.sh
- sudo sssd-gdm-smartcard-pam-auth-tester.sh
The script will generate some fake CA authority, issue some certificates, will install them in some software-based smartcards (using softhsm2) and test that they work properly to login with gdm-smartcard.
Using `WAIT` environment variable set (to any value) will make it to restart gdm at each iteration so that an user can try to access, using the username that launched the script and the pin of 123456.
[ Regression potential ]
Smartcard authentication using custom methods using via a custom configured system nss database may not work anymore.
---
ProblemType: BugDistroRelease: Ubuntu 18.04
Package: gdm3 3.28.3-0ubuntu18.04.4
ProcVersionSignature: Ubuntu 5.3.0-24.26~18.04.2-generic 5.3.10
Uname: Linux 5.3.0-24-generic x86_64
NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair nvidia_modeset nvidia
ApportVersion: 2.20.9-0ubuntu7.11
Architecture: amd64
CurrentDesktop: ubuntu:GNOME
Date: Fri Feb 28 14:30:30 2020
InstallationDate: Installed on 2016-05-23 (1376 days ago)
InstallationMedia: Ubuntu 16.04 LTS "Xenial Xerus" - Release amd64 (20160420.1)SourcePackage: gdm3
UpgradeStatus: No upgrade log present (probably fresh install)
mtime.conffile..etc.gdm3.Xsession: 2018-04-27T11:41:04.766901 |
[ Impact ]
the pam profile for gdm-smartcard is missing. gdm refuses to login with a smartcard. Looking at ubuntu/+source/gdm3, other pam files are pregenerated into debian/ and installed from there; gdm-smartcard is left out.
[ Test case ]
1. When in GDM, insert a smartcard
2. The GDM interface should require for an user
3. The user should be set (or empty may be provided,
depending on sssd configuration)
4. The smartcard PIN should be requested and once introduce the
user must login.
Note that this requires configuring sssd before, a simple local configuration could require having sssd.conf filled with:
```ini
[sssd]
enable_files_domain = True
services = pam
[certmap/implicit_files/$USER]
matchrule = <SUBJECT>.*YOUR CARD IDENTIFIER*
[pam]
pam_cert_auth = True
```
The UI authentication can also be simulated via pamtester:
# Must be ran as user
sudo apt install pamtester
pamtester -v gdm-smartcard $USER authenticate
Expected output is
+ pamtester -v gdm-smartcard ubuntu authenticate
pamtester: invoking pam_start(gdm-smartcard, ubuntu, ...)
pamtester: performing operation - authenticate
PIN for Test Organization Sub Int Token:
pamtester: successfully authenticated
---
Alternatively, if no smartcard or hardware is available, this can be tested and simulated using these scripts (they will reset the system setup at each run, but it's suggested to run them in a VM, lxd container or in a test installation):
https://gist.github.com/3v1n0/287d02ca8e03936f1c7bba992173d47a
- sudo apt install gdm3 pamtester softhsm2 openssl wget sssd gnutls-bin && \
sudo apt-mark auto gdm3 pamtester softhsm2 openssl wget sssd gnutls-bin
- wget https://gist.github.com/3v1n0/287d02ca8e03936f1c7bba992173d47a/raw/sssd-gdm-smartcard-pam-auth-tester.sh
- wget https://gist.github.com/3v1n0/287d02ca8e03936f1c7bba992173d47a/raw/sssd-softhism2-certificates-tests.sh
- sudo bash ./sssd-gdm-smartcard-pam-auth-tester.sh
The script will generate some fake CA authority, issue some certificates, will install them in some software-based smartcards (using softhsm2) and test that they work properly to login with gdm-smartcard.
Using `WAIT` environment variable set (to any value) will make it to restart gdm at each iteration so that an user can try to access, using the username that launched the script and the pin of 123456.
[ Regression potential ]
Smartcard authentication using custom methods using via a custom configured system nss database may not work anymore.
---
ProblemType: BugDistroRelease: Ubuntu 18.04
Package: gdm3 3.28.3-0ubuntu18.04.4
ProcVersionSignature: Ubuntu 5.3.0-24.26~18.04.2-generic 5.3.10
Uname: Linux 5.3.0-24-generic x86_64
NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair nvidia_modeset nvidia
ApportVersion: 2.20.9-0ubuntu7.11
Architecture: amd64
CurrentDesktop: ubuntu:GNOME
Date: Fri Feb 28 14:30:30 2020
InstallationDate: Installed on 2016-05-23 (1376 days ago)
InstallationMedia: Ubuntu 16.04 LTS "Xenial Xerus" - Release amd64 (20160420.1)SourcePackage: gdm3
UpgradeStatus: No upgrade log present (probably fresh install)
mtime.conffile..etc.gdm3.Xsession: 2018-04-27T11:41:04.766901 |
|
| 2023-09-08 03:43:28 |
Ubuntu Archive Robot |
bug |
|
|
added subscriber Marco Trevisan (Treviño) |
| 2023-09-08 15:43:16 |
Ubuntu Archive Robot |
bug |
|
|
added subscriber Jeremy Bícha |
| 2023-09-21 19:13:16 |
Andreas Hasenack |
bug |
|
|
added subscriber Andreas Hasenack |
| 2023-09-27 04:44:45 |
Chris Halse Rogers |
gnome-settings-daemon (Ubuntu Focal): status |
In Progress |
Incomplete |
|
