[SSSD-users] Re: Cannot unlock screen with different smart card
Am Mon, Apr 08, 2024 at 09:45:08PM -0600 schrieb Orion Poplawski:
It seems like one cannot unlock the screen with a different smart
card then
the one that was used to log into the session, or at least one with a
different token id, even though they resolve to the same user (of course).
Is there any immediately obvious reason this might be? Is the token id
cached somehow in the session? I would have thought that each
authentication would have been independent.
Hi,
yes, the token id is stored in the environment and this a feature of
Gnome Smartcard authentication since ever i.e. pam_pkcs11 supported this
as well.
This was added before my time so I'm not sure about the reason.
bye,
Sumit
--
Orion Poplawski
he/him/his - surely the least important thing about me
IT Systems Manager 720-772-5637
NWRA, Boulder/CoRA Office FAX: 303-415-9702
3380 Mitchell Lane orion(a)nwra.com
Boulder, CO 80301 https://www.nwra.com/
--
_______________________________________________
sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org
To unsubscribe send an email to sssd-users-leave(a)lists.fedorahosted.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahoste...
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue