On Thu, Aug 15, 2019 at 06:45:38AM +0000, Winberg Adam wrote:
when using smart card auth with pam_pkcs11 there is an option to set 'nullok' to
true/false. Setting it to false effectively makes pam_pkcs11 ignore empty pin entries
(this option is also available for pam_unix and set to false as default). So if I get a
pin prompt and just press Enter it is not regarded as an authentication attempt.
Is there anything similar with pam_sss? Default behaviour seems to be to regard empty
inputs as an auth attempt, so if I run sudo and just press Enter a couple of times this
counts as failed auth attempts and will consequently lock my smart card. Which is not what
this is indeed something which should not happen. Can you open a ticket
to add this functionality.
sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org
To unsubscribe send an email to sssd-users-leave(a)lists.fedorahosted.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines