Ticket #604 (closed enhancement: fixed)

Opened 7 years ago

Last modified 5 years ago

Don't care if authenticated with cached credentials

Reported by: orion Owned by: sbose
Priority: major Milestone: SSSD 1.5.0
Component: PAM Version: 1.2.2
Keywords: Cc:
Blocked By: Blocking:
Sensitive: Tests Updated: no
Coverity Bug: Patch Submitted:
Red Hat Bugzilla: 0 Design link:
Feature Milestone:
Design review: Fedora test page:
Chosen: Candidate to push out:
Release Notes:
Temp mark:


I would like to be able to turn off the "Authenticated with cached credentials" message. With kdm login it pops up a dialog box that must be responded to before login continues. Annoying and I don't care if I was authenticated with cached credentials or not.

Change History

comment:1 Changed 7 years ago by sgallagh

This is something we CAN do, but I question whether it doesn't make more sense to have KDM fix their message reporting. For example, in GDM, this message flashes on the screen for about one second (just long enough to read it) then it disappears.

There are certain to be other PAM modules that produce output, and it would be a better solution for KDM to handle them gracefully.

comment:2 Changed 7 years ago by orion

Ah, didn't know about the GDM behavior. Must be how they handle PAM_TEXT_INFO messages? I'll poke around in kdm some more.

comment:3 Changed 7 years ago by sgallagh

Yes, it's a PAM_TEXT_INFO reply.

Another point to note: this behavior is desired if offline_credentials_expiration is specified in sssd.conf, as it lets the user know how long they have until they need to perform an online login or be locked out.

comment:5 Changed 7 years ago by orion

Well, upstream closed as wontfix. Not sure you want to weigh in there or not. Is there a different category of PAM_TEXT_* messages that would indicate more importance and the need for confirmation (expiration for e.g.)?

comment:6 Changed 7 years ago by sgallagh

I'm not opposed to making this message optional.

I propose the following behavior: Add a new option: pam_verbosity which will default to zero (which means only important messages, like the offline expiration warnings)

We will have the "Authenticated with cached credentials message" (without expiration warning) appear at a higher verbosity.

comment:7 Changed 7 years ago by sgallagh

  • Owner changed from sbose to somebody
  • doc changed from 0 to 1
  • tests changed from 0 to 1
  • Milestone changed from NEEDS_TRIAGE to SSSD 1.5.0

Time is limited for 1.4.0. Targeting 1.5.0.

If time permits, we will pull it up to 1.4.0.

comment:8 Changed 6 years ago by dpal

  • Priority changed from minor to major

comment:9 Changed 6 years ago by sbose

  • Owner changed from somebody to sbose

comment:10 Changed 6 years ago by sbose

  • Status changed from new to closed
  • Resolution set to fixed

comment:11 Changed 5 years ago by dpal

  • Red Hat Bugzilla set to 0
Note: See TracTickets for help on using tickets.