Login screen doesn't offer authentication using Yubikey after upgrade 23.10 => 24.04
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
gdm3 (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
I own YubiKey 5 Nano.
In Ubuntu 23.10 I had configured a login to Gnome using YubiKey so that when I started OS with YubiKey inserted, clicked on my username in login screen, I was offered to touch YubiKey and when I did it, then a login succeeded ✓.
But when I upgraded to Ubuntu 24.04 beta, in login screen I'm prompted by entering of password only and no "touch" method is offered anymore 🐛.
Note that YubiKey auth works well e.g. for "sudo":
---
$ sudo apt update
Please touch the device.
...
This is my GDM policy configuration
/etc/pam.
-------
#%PAM-1.0
auth requisite pam_nologin.so
auth required pam_succeed_if.so user != root quiet_success
@include common-u2f
@include common-auth
auth optional pam_gnome_
@include common-account
# SELinux needs to be the first session rule. This ensures that any
# lingering context has been cleared. Without this it is possible
# that a module could execute code in the wrong domain.
session [success=ok ignore=ignore module_
session required pam_loginuid.so
# SELinux needs to intervene at login time to ensure that the process
# starts in the proper default security context. Only sessions which are
# intended to run in the user's context should be run after this.
# pam_selinux.so changes the SELinux context of the used TTY and configures
# SELinux in order to transition to the user context with the next execve()
# call.
session [success=ok ignore=ignore module_
session optional pam_keyinit.so force revoke
session required pam_limits.so
session required pam_env.so readenv=1
session required pam_env.so readenv=1 user_readenv=1 envfile=
@include common-session
session optional pam_gnome_
@include common-password
/etc/pam.
-------
auth sufficient pam_u2f.so authfile=
Used SW and HW:
---------------
* HW: laptop Yoga Slim 7 14ARE05
* SW:
* Ubuntu 24.04
* kernel 6.8.0-22-generic
* gdm3 46.0-2ubuntu1, I'm using default Wayland session
* libpam-yubico 2.26-1.1build2
I've just updated OS and the bug has gone. Now I can see the message "Please touch the device" in login screen as expected when I click on my name there.
Feel free to close the bug.
SW:
* kernel: 6.8.0-31-generic
* libpam-yubico: 2.26-1.1build2