On Thu, Aug 15, 2019 at 06:45:38AM +0000, Winberg Adam wrote:
Hello all,
when using smart card auth with pam_pkcs11 there is an option to set 'nullok' to
true/false. Setting it to false effectively makes pam_pkcs11 ignore empty pin entries
(this option is also available for pam_unix and set to false as default). So if I get a
pin prompt and just press Enter it is not regarded as an authentication attempt.
Is there anything similar with pam_sss? Default behaviour seems to be to regard empty
inputs as an auth attempt, so if I run sudo and just press Enter a couple of times this
counts as failed auth attempts and will consequently lock my smart card. Which is not what
I want.
Hi,
this is indeed something which should not happen. Can you open a ticket
to add this functionality.
bye,
Sumit
_______________________________________________
sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org
To unsubscribe send an email to sssd-users-leave(a)lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahoste...