Re: Fedora 33: pcscd and xrdp issue

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



/usr/share/polkit-1/actions/org.debian.pcsc-lite.policyOn Thu, Oct 8,
2020 at 11:06 AM Marius Schwarz <fedoradev@xxxxxxxxxxxx> wrote:
>
> Hi,
>
> this is a topic since a lot of time and it's still hits the user in it's
> face for no reason.
>
> Found: while presenting Fedora 33 changes to an audience and
> screenrecording with wayland isn't working yet :(
>
> Tested on Fedora 33 liveimage:
>
> su
> dnf install xrdp  -y
> adduser -s /bin/bash -d /home/rdptest rdptest
> passwd rdptest
> systemctl start xrdp
>
> ## different pc ##
>
> Start Remmina or XFreeRDP to connect to your running liveimage.
>
> You get a fucking uncloseable requester once the gnome session is open,
> that you need to enter a password for the LIVEUSER with to buttons
> without any function. It's not possible to get rid of it by using either
> one of the buttons nor a windowclose.

I do not have two systems to reproduce, but it seems that something
tries to access the smart cards while you connect and polkit makes
this popup. You can fix it by disabling the popup at all
(/usr/share/polkit-1/actions/org.debian.pcsc-lite.policy), or better,
identify what tried to access the smart cards. Running pcscd with
debug output may help. To do that disable pcscd (systemctl stop and
disable), and then try running it in the foreground:
sudo LIBCCID_ifdLogLevel=0x000F pcscd --foreground --debug --apdu
--color | tee log.txt


> Only Solution: dnf erase pcsc*
>
> Because: stopping that service does not stop the requester from popping
> up, as the daemon gets restarted via a socket.

Yes, the idea is for it to be enabled only when some service asks for
smart card access. I wonder however what is there that requests that
access.

> Now what really makes it so anoying: there is no smartcard reader in the
> hw.

There are two access control levels, access the pcsc daemon, and
access specific cards. Currently according to the pcsc-lite.policy we
ship we require authentication to access either when connecting
remotely. I wonder whether it makes sense to tweak these settings.
Could you try playing with the policy and see whether there are
options that could remove this popup? If you allow access to the
daemon from remote sessions do you still get the popup?

regards,
Nikos
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux