Why does root user fail to login with password when all users are forced to login with smart card?

Solution Verified - Updated -

Environment

  • Red Hat Enterprise Linux 8.x
  • smart card

Issue

  • root user is unable to login without smart card

Resolution

  • This is a known issue. It is being tracked under Red Hat Bugzilla 1845640. Open a service ticket for more information on it through the Red Hat Customer Portal.

Diagnostic Steps

  • To force all users login with smart card
 # authselect select sssd with-smartcard with-smartcard-required --force
 # authselect current
Profile ID: sssd
Enabled features:
- with-mkhomedir
- with-smartcard
- with-pamaccess
- with-smartcard-required
  • Workaround:
 # authselect select sssd with-smartcard with-smartcard-lock-on-removal --force

 # systemctl stop sssd; rm -rf /var/lib/sss/{db,mc}/*; systemctl start sssd

Note: With workaround root user can login with the password but other users are also able to login with password.

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.