Mailinglist Archive: opensuse-bugs (3349 mails)

< Previous Next >
[Bug 978957] New: Unable to unlock screen with smartcard credentials
  • From: bugzilla_noreply@xxxxxxxxxx
  • Date: Sat, 07 May 2016 19:00:35 +0000
  • Message-id: <bug-978957-21960@http.bugzilla.opensuse.org/>
http://bugzilla.opensuse.org/show_bug.cgi?id=978957


Bug ID: 978957
Summary: Unable to unlock screen with smartcard credentials
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 42.1
Hardware: x86-64
OS: openSUSE 42.1
Status: NEW
Severity: Major
Priority: P5 - None
Component: KDE Workspace (Plasma)
Assignee: opensuse-kde-bugs@xxxxxxxxxxxx
Reporter: lewis.e.wolfgang@xxxxxxxxxx
QA Contact: qa-bugs@xxxxxxx
Found By: ---
Blocker: ---

On a fresh install of 42.1, smartcard logins work as expected using pcsc,
libcoolkey, pam_pkcs11, and xdm. But smartcard credentials are ignored when
subsequently unlocking the screensaver.

Problem was traced to kcheckpass loosing setuid permission. Pam apparently
requires root creds to process authentication requests, and kcheckpass is
unable to read /etc/pam_pkcs11/nssdb without its setuid bit being set.

Workaround adds kcheckpass to /etc/permissions.local:

/usr/lib64/libexec/kcheckpass root:shadow 4755

This issue was introduced in 42.1. Is there a more secure way to fix?

--
You are receiving this mail because:
You are on the CC list for the bug.
< Previous Next >
This Thread
  • No further messages