Comment 26 for bug 1905790

Karl Grindley (karlg100) wrote :

This change has created a denial-of-service configuration bug for an untold number of smart-card-configured (and smart-card-required) systems.

p11_child with OpenSSL PEM requires the full cert chain to function. The NSSDB version does not.

So for folks that have configured the minimum in the NSSDB by only adding the issuing certificate (and not the chain of certs to the root), smart card authentication will now fail by simply updating to the latest Ubuntu 20.04 packages. The nssdb to pam conversion script does not check the chain of trust in the new pam file.

So when an untold number of systems roll this out with require_cert_auth in the pam stack to be NIST 800-171 compliant, they will all be bricked, with no way to log in.
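
A pre-upgrade check for the condition described in the comment above, as an added example that is not part of the comment and is not SSSD or Ubuntu code: it verifies every certificate in a PEM bundle against that same bundle only, so an issuing CA whose root is missing is reported. The function name `check_bundle_chain` is hypothetical and the bundle path is passed as an argument.

```shell
# Added example: confirm each certificate in a PEM CA bundle chains to a
# self-signed root that is also in the bundle. Run it against the converted
# PEM file before enforcing certificate-only login.
# Exit status: 0 = every certificate chains to a root in the bundle,
#              1 = at least one chain is incomplete, 2 = usage/read error.
check_bundle_chain() (
    bundle=$1
    [ -r "$bundle" ] || { echo "cannot read: $bundle" >&2; exit 2; }
    tmp=$(mktemp -d) || exit 2
    trap 'rm -rf "$tmp"' EXIT

    # Split the bundle into one file per certificate.
    awk -v d="$tmp" '
        /-----BEGIN CERTIFICATE-----/ { out = sprintf("%s/%03d.pem", d, ++n) }
        out                           { print > out }
        /-----END CERTIFICATE-----/   { close(out); out = "" }' "$bundle"

    total=0
    bad=0
    for f in "$tmp"/*.pem; do
        [ -e "$f" ] || break
        total=$((total + 1))
        # -no-CAfile/-no-CApath exclude the system default CA file and
        # directory, so only certificates inside the bundle can complete
        # the chain. Without -partial_chain the anchor must be self-signed.
        if ! openssl verify -no-CAfile -no-CApath -CAfile "$bundle" "$f" \
                >/dev/null 2>&1; then
            bad=$((bad + 1))
            echo "NO CHAIN TO ROOT: $(openssl x509 -in "$f" -noout \
                -subject -issuer | tr '\n' ' ')"
        fi
    done

    [ "$total" -gt 0 ] || { echo "no certificates in: $bundle" >&2; exit 2; }
    echo "$total certificate(s) checked, $bad without a complete chain"
    [ "$bad" -eq 0 ]
)
```

A non-zero exit means the bundle needs the missing intermediate and root certificates appended before `require_cert_auth` is relied on.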