Bug#1051785: gdm3 won't allow logins when a smartcard/yubikey is plugged
Simon McVittie
smcv at debian.org
Thu Jun 12 14:18:16 BST 2025
On Thu, 12 Jun 2025 at 14:24:36 +0200, Raphael Hertzog wrote:
>On Sat, 27 Jul 2024, Luca Boccassi wrote:
>> I can confirm this works (I too have a yubikey with a cert for
>> unrelated purposes).
>
>So we should deploy this by default IMO. I have setup a new computer
>today and I have again been bitten by this issue. Increasing severity
>to attract more eyes and maybe trigger an upload.
As I said before, I'd prefer to have our expert on smart cards involved
in this, rather than second-guessing his design.
Marco: can we set
[org/gnome/login-screen]
enable-smartcard-authentication=false
by default in /etc/gdm3/greeter.dconf-defaults? That would be one more
thing that sysadmins have to adjust when they enrol smart cards for
authentication, but it seems preferable to having Yubikey/Nitrokey users
unable to log in by default.
Or do you have some other plan for this?
I'm setting a deadline for this: if I don't see objections within the
next week, I intend to upload that change to unstable.
smcv
More information about the pkg-gnome-maintainers
mailing list