http://bugzilla.opensuse.org/show_bug.cgi?id=978957 Bug ID: 978957 Summary: Unable to unlock screen with smartcard credentials Classification: openSUSE Product: openSUSE Distribution Version: Leap 42.1 Hardware: x86-64 OS: openSUSE 42.1 Status: NEW Severity: Major Priority: P5 - None Component: KDE Workspace (Plasma) Assignee: opensuse-kde-bugs@opensuse.org Reporter: lewis.e.wolfgang@ausgar.com QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- On a fresh install of 42.1, smartcard logins work as expected using pcsc, libcoolkey, pam_pkcs11, and xdm. But smartcard credentials are ignored when subsequently unlocking the screensaver. Problem was traced to kcheckpass loosing setuid permission. Pam apparently requires root creds to process authentication requests, and kcheckpass is unable to read /etc/pam_pkcs11/nssdb without its setuid bit being set. Workaround adds kcheckpass to /etc/permissions.local: /usr/lib64/libexec/kcheckpass root:shadow 4755 This issue was introduced in 42.1. Is there a more secure way to fix? -- You are receiving this mail because: You are on the CC list for the bug.