Bug#1051785: workaround

[C]

I found myself here with the same issue (although it took a while to find
this bug): I have a YubiKey and suddenly at login my user would appear for
a split second and then be replaced by the blank username field.

After entering the username gdm3 would show "SSSD PAM module is not
installed. Smart card authentication is not supported, falling back to
default mechanism"
This started for me a few weeks ago, right around the time I installed
opensc for some smart card work I needed to do.

I managed to "fix" the behaviour (it's more of a workaround IMO) by running
this command

sudo -u Debian-gdm env -u XDG_RUNTIME_DIR -u DISPLAY DCONF_PROFILE=gdm
dbus-run-session gsettings set org.gnome.login-screen
enable-smartcard-authentication false

that Marco suggested on
https://bugs.launchpad.net/ubuntu/+source/gdm3/+bug/1933027/comments/17
(all I had to do was change the sudo username from gdm to Debian-gdm).
Neither the dconf workaround suggested above, nor setting the gsettings
entry on my user or as root, worked and I suspect it's because the value on
the Debian-gdm user takes precedence.

For the record I didn't try the other suggestion in the bug (creating
/etc/pam.d/gdm-password and using update-alternatives to set that as the
default for gdm-smartcard), but maybe Debian should have this as an option
for people that run into this issue?
If that's a valid option then believe it would be a simple addition to have
that file (even called something else, like "gdm-no-smartcard",
"gdm-password-only", etc.) in place, even if it's not the default.

Also of note, my installed alternative was "gdm-smartcard-sssd-exclusive"
and it was still falling back to password.

Hope this helps!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-gnome-maintainers/attachments/20240621/a1cff212/attachment.htm>