Bug ID 978957
Summary Unable to unlock screen with smartcard credentials
Classification openSUSE
Product openSUSE Distribution
Version Leap 42.1
Hardware x86-64
OS openSUSE 42.1
Status NEW
Severity Major
Priority P5 - None
Component KDE Workspace (Plasma)
Assignee opensuse-kde-bugs@opensuse.org
Reporter lewis.e.wolfgang@ausgar.com
QA Contact qa-bugs@suse.de
Found By ---
Blocker ---

On a fresh install of 42.1, smartcard logins work as expected using pcsc,
libcoolkey, pam_pkcs11, and xdm.  But smartcard credentials are ignored when
subsequently unlocking the screensaver.  

Problem was traced to kcheckpass losing setuid permission.  PAM apparently
requires root creds to process authentication requests, and kcheckpass is
unable to read /etc/pam_pkcs11/nssdb without its setuid bit being set.

Workaround adds kcheckpass to /etc/permissions.local:

   /usr/lib64/libexec/kcheckpass    root:shadow  4755

This issue was introduced in 42.1.  Is there a more secure way to fix?
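
An added example, not part of the original report: a shell audit that reads entries in the /etc/permissions.local format shown above and reports any file whose on-disk owner or mode differs from the entry, which is how a lost setuid bit on kcheckpass would show up. The function name `audit_permissions` is hypothetical and GNU `stat` is assumed.

```shell
#!/bin/sh
# Added example: audit a permissions.local-style file against the filesystem.
# Entry format (as in the report):  <path>  <owner>:<group>  <mode>
# audit_permissions is a hypothetical helper name; GNU stat is assumed.

audit_permissions() {
    perms_file=$1
    rc=0
    # "|| [ -n ... ]" keeps a final entry that has no trailing newline.
    while read -r target owner mode _rest || [ -n "$target" ]; do
        # Skip blank lines and comments.
        case $target in ''|'#'*) continue ;; esac
        if [ ! -e "$target" ]; then
            echo "MISSING $target"
            rc=1
            continue
        fi
        # Normalise the wanted mode (0755 and 755 compare equal).
        want_mode=$(printf '%o' "0$mode")
        have_mode=$(stat -c '%a' "$target")
        have_owner=$(stat -c '%U:%G' "$target")
        if [ "$want_mode" = "$have_mode" ] && [ "$owner" = "$have_owner" ]; then
            echo "OK $target"
        else
            # A missing leading 4 in have= means the setuid bit is gone.
            echo "MISMATCH $target want=$owner/$want_mode have=$have_owner/$have_mode"
            rc=1
        fi
    done < "$perms_file"
    return $rc
}

# Run against a file given on the command line, e.g. /etc/permissions.local.
if [ $# -gt 0 ]; then
    audit_permissions "$1"
fi
```

The function returns non-zero when any entry is missing or mismatched, so it can gate a post-update check.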

