Re: Fedora 33: pcscd and xrdp issue

On Fri, Oct 9, 2020 at 4:16 PM Marius Schwarz <fedoradev@xxxxxxxxxxxx> wrote:
>
> On 09.10.20 at 13:18, Nikos Mavrogiannopoulos wrote:
>
> LIBCCID_ifdLogLevel=0x000F pcscd --foreground --debug --apdu
> --color | tee log.txt
>
> This is the unchanged output:

> 00492770 [140407774111296] auth.c:137:IsClientAuthorized() Process 33529 (user: 1001) is NOT authorized for action: access_pcsc

^^^
What's this process? (you'll need to figure it out in your current system)


> Main-problem with it: ABORT just loops to the same requester again and again, resulting in an endless loop
> First thing to change to pcscd, accept an abort for what it is and don't ask again.
> That would solve the major problem, still annoying, but at least it doesn't stop the session login.

What you see is not coming from pcscd. This is a polkit dialog you are
seeing because the process above in your system decided to do some
actions on smart cards. pcscd has no way to know whether that's a new
or a repeating request.

> Second thing to change: just ask, if a usable hw is found. Asking permission for an impossible task is the definition of madness
>
> Back to your request to change the policy:
>
> I don't see any restrictions for remote access.  ( F33 has same as https://pastebin.com/Mn8mzjVp )
>
> <allow_any>auth_admin
> <allow_inactive>auth_admin
> <allow_active>yes
>
> and I have no clue, besides setting those above to "no", which had the hoped result (tested), how to change the file to ignore or skip the request it generates via polkit when gnome starts. But I'm pretty sure, changing the policy file, just makes things unusable in case a smartcard reader is really available in the system.

Try setting the access daemon part from auth_admin to yes. Does it
address the issue?

> As all the opensc tools supplied just return "No smart card readers found.", an invoke of the access request should only be made, if a smartcard is really accessed and not every time someone logs in.
> And from what I can see on the net, you're the man who knows the answers ;)

Unfortunately I don't :)

regards,
Nikos
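
Added example, not part of the original message or of pcscd: a small Python helper that pulls the polkit denials out of a saved `pcscd --debug` log and resolves each PID against `/proc`, which is one way to answer the "what's this process?" question above. The function names, the `proc_root` parameter and every sample line except the first are constructed for illustration.

```python
import re
from collections import Counter
from pathlib import Path

# pcscd's polkit denial line, as quoted in the message above.
DENIED = re.compile(
    r"IsClientAuthorized\(\) Process (?P<pid>\d+) \(user: (?P<uid>\d+)\) "
    r"is NOT authorized for action: (?P<action>\S+)"
)
ANSI = re.compile(r"\x1b\[[0-9;]*m")  # colour codes left in log.txt by --color


def denied_clients(log_text):
    """Count denials per (pid, uid, action) in pcscd debug output."""
    counts = Counter()
    for line in log_text.splitlines():
        m = DENIED.search(ANSI.sub("", line))
        if m:
            counts[(int(m["pid"]), int(m["uid"]), m["action"])] += 1
    return counts


def describe_pid(pid, proc_root="/proc"):
    """Return the command line of a live process, or None if it has exited."""
    try:
        raw = (Path(proc_root) / str(pid) / "cmdline").read_bytes()
    except OSError:
        return None
    return raw.replace(b"\0", b" ").decode(errors="replace").strip() or None


# Constructed sample: the first line is the one from the message; the rest
# are made-up repeats and filler to show aggregation and colour stripping.
SAMPLE_LOG = (
    "00492770 [140407774111296] auth.c:137:IsClientAuthorized() Process 33529 "
    "(user: 1001) is NOT authorized for action: access_pcsc\n"
    "\x1b[33m00000120 [140407774111296] auth.c:137:IsClientAuthorized() Process "
    "33529 (user: 1001) is NOT authorized for action: access_pcsc\x1b[0m\n"
    "00000015 [140407774111296] constructed filler line, not a denial\n"
)

if __name__ == "__main__":
    for (pid, uid, action), n in denied_clients(SAMPLE_LOG).most_common():
        who = describe_pid(pid) or "<process has exited>"
        print(f"{n}x pid={pid} uid={uid} action={action} cmd={who}")
```

Run it against the real `log.txt` while the session is still up, since the PID can only be resolved while the requesting process is alive.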