design pages: Passwordless-GDM integration #79
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
ikerexxe
commented
Jan 17, 2024
ikerexxe
force-pushed
the
passwordless-gdm
branch
12 times, most recently
from
3675076 to
232ed04
Compare
ikerexxe
force-pushed
the
passwordless-gdm
branch
4 times, most recently
from
eaab5be to
a1a1e9d
Compare
ikerexxe
force-pushed
the
passwordless-gdm
branch
from
a1a1e9d to
7806edd
Compare
ikerexxe
force-pushed
the
passwordless-gdm
branch
2 times, most recently
from
cf717a9 to
121084d
Compare
ikerexxe
force-pushed
the
passwordless-gdm
branch
3 times, most recently
from
8a027cb to
80fad61
Compare
ikerexxe
force-pushed
the
passwordless-gdm
branch
2 times, most recently
from
de1c99b to
583338b
Compare
ikerexxe
force-pushed
the
passwordless-gdm
branch
from
583338b to
2d5f0e0
Compare
abbra
reviewed
Jul 9, 2024
ikerexxe
force-pushed
the
passwordless-gdm
branch
from
4ead993 to
5182f66
Compare
ikerexxe
added a commit
to ikerexxe/sssd
that referenced
this pull request
Nov 24, 2025
Add a note to clarify that 2FA isn't supported in JSON protocol and fix
man page compilation for `pam_json_services` option.
:feature: Unified passwordless login in the GUI. SSSD now supports a
rich authentication selection interface. Users can login with
smartcards, passkey, External IdPs and passwords directly
within the graphical user interface.
:packaging: SSSD now supports authentication mechanism selection through
PAM using a JSON-based protocol. This feature enables
passwordless authentication mechanisms in GUI login
environments that support the protocol.
Feature will be supported by GNOME Display Manager (GDM)
starting with GNOME 50. While currently optimized for GNOME,
the JSON protocol design allows for future support in other
display managers.
authselect is the recommended approach and will handle the
necessary PAM stack modifications automatically starting
with version 1.7 through the new option `with-switch-auth`
which provides a new PAM service called `switchable-auth`.
Manual PAM configuration is also possible.
For more technical details and implementation specifications,
see the design documentation:
SSSD/sssd.io#79
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
ikerexxe
added a commit
to ikerexxe/sssd
that referenced
this pull request
Nov 27, 2025
Add a note to clarify that 2FA isn't supported in JSON protocol and fix
man page compilation for `pam_json_services` option.
:feature: Unified passwordless login in the GUI. SSSD now supports a
rich authentication selection interface. Users can login with
smartcards, passkey, External IdPs and passwords directly
within the graphical user interface.
:packaging: SSSD now supports authentication mechanism selection through
PAM using a JSON-based protocol. This feature enables
passwordless authentication mechanisms in GUI login
environments that support the protocol.
Feature will be supported by GNOME Display Manager (GDM)
starting with GNOME 50. While currently optimized for GNOME,
the JSON protocol design allows for future support in other
display managers.
authselect is the recommended approach and will handle the
necessary PAM stack modifications automatically starting
with version 1.7 through the new option `with-switch-auth`
which provides a new PAM service called `switchable-auth`.
Manual PAM configuration is also possible.
For more technical details and implementation specifications,
see the design documentation:
SSSD/sssd.io#79
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
ikerexxe
added a commit
to ikerexxe/sssd
that referenced
this pull request
Dec 1, 2025
Add a note to clarify that 2FA isn't supported in JSON protocol and fix
man page compilation for `pam_json_services` option.
:feature: Unified passwordless login in the GUI. SSSD now supports a
rich authentication selection interface. Users can login with
smartcards, passkey, External IdPs and passwords directly
within the graphical user interface.
:packaging: SSSD now supports authentication mechanism selection through
PAM using a JSON-based protocol. This feature enables
passwordless authentication mechanisms in GUI login
environments that support the protocol.
Feature will be supported by GNOME Display Manager (GDM)
starting with GNOME 50. While currently optimized for GNOME,
the JSON protocol design allows for future support in other
display managers.
authselect is the recommended approach and will handle the
necessary PAM stack modifications automatically starting
with version 1.7 through the new option `with-switch-auth`
which provides a new PAM service called `switchable-auth`.
Manual PAM configuration is also possible.
For more technical details and implementation specifications,
see the design documentation:
SSSD/sssd.io#79
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
ikerexxe
added a commit
to ikerexxe/sssd
that referenced
this pull request
Dec 4, 2025
Add a note to clarify that 2FA isn't supported in JSON protocol and fix
man page compilation for `pam_json_services` option.
:feature: Unified passwordless login in the GUI. SSSD now supports a
rich authentication selection interface. Users can login with
smartcards, passkey, External IdPs and passwords directly
within the graphical user interface.
:packaging: SSSD now supports authentication mechanism selection through
PAM using a JSON-based protocol. This feature enables
passwordless authentication mechanisms in GUI login
environments that support the protocol.
Feature will be supported by GNOME Display Manager (GDM)
starting with GNOME 50. While currently optimized for GNOME,
the JSON protocol design allows for future support in other
display managers.
authselect is the recommended approach and will handle the
necessary PAM stack modifications automatically starting
with version 1.7 through the new option `with-switch-auth`
which provides a new PAM service called `switchable-auth`.
Manual PAM configuration is also possible.
For more technical details and implementation specifications,
see the design documentation:
SSSD/sssd.io#79
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
sssd-bot
pushed a commit
to ikerexxe/sssd
that referenced
this pull request
Dec 4, 2025
Add a note to clarify that 2FA isn't supported in JSON protocol and fix
man page compilation for `pam_json_services` option.
:feature: Unified passwordless login in the GUI. SSSD now supports a
rich authentication selection interface. Users can login with
smartcards, passkey, External IdPs and passwords directly
within the graphical user interface.
:packaging: SSSD now supports authentication mechanism selection through
PAM using a JSON-based protocol. This feature enables
passwordless authentication mechanisms in GUI login
environments that support the protocol.
Feature will be supported by GNOME Display Manager (GDM)
starting with GNOME 50. While currently optimized for GNOME,
the JSON protocol design allows for future support in other
display managers.
authselect is the recommended approach and will handle the
necessary PAM stack modifications automatically starting
with version 1.7 through the new option `with-switch-auth`
which provides a new PAM service called `switchable-auth`.
Manual PAM configuration is also possible.
For more technical details and implementation specifications,
see the design documentation:
SSSD/sssd.io#79
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
ikerexxe
added a commit
to SSSD/sssd
that referenced
this pull request
Dec 4, 2025
Add a note to clarify that 2FA isn't supported in JSON protocol and fix
man page compilation for `pam_json_services` option.
:feature: Unified passwordless login in the GUI. SSSD now supports a
rich authentication selection interface. Users can login with
smartcards, passkey, External IdPs and passwords directly
within the graphical user interface.
:packaging: SSSD now supports authentication mechanism selection through
PAM using a JSON-based protocol. This feature enables
passwordless authentication mechanisms in GUI login
environments that support the protocol.
Feature will be supported by GNOME Display Manager (GDM)
starting with GNOME 50. While currently optimized for GNOME,
the JSON protocol design allows for future support in other
display managers.
authselect is the recommended approach and will handle the
necessary PAM stack modifications automatically starting
with version 1.7 through the new option `with-switch-auth`
which provides a new PAM service called `switchable-auth`.
Manual PAM configuration is also possible.
For more technical details and implementation specifications,
see the design documentation:
SSSD/sssd.io#79
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
Contributor
|
@ikerexxe once released will Passwordless GDM supported package versions be added to to this design page? (SSSD, GDM, authselect) |
ikerexxe
added a commit
to ikerexxe/sssd
that referenced
this pull request
Dec 4, 2025
Add a note to clarify that 2FA isn't supported in JSON protocol and fix
man page compilation for `pam_json_services` option.
:feature: Unified passwordless login in the GUI. SSSD now supports a
rich authentication selection interface. Users can login with
smartcards, passkey, External IdPs and passwords directly
within the graphical user interface.
:packaging: SSSD now supports authentication mechanism selection through
PAM using a JSON-based protocol. This feature enables
passwordless authentication mechanisms in GUI login
environments that support the protocol.
Feature will be supported by GNOME Display Manager (GDM)
starting with GNOME 50. While currently optimized for GNOME,
the JSON protocol design allows for future support in other
display managers.
authselect is the recommended approach and will handle the
necessary PAM stack modifications automatically starting
with version 1.7 through the new option `with-switch-auth`
which provides a new PAM service called `switchable-auth`.
Manual PAM configuration is also possible.
For more technical details and implementation specifications,
see the design documentation:
SSSD/sssd.io#79
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
ikerexxe
force-pushed
the
passwordless-gdm
branch
from
5182f66 to
1732c3c
Compare
Contributor
Author
@justin-stephenson it makes sense so I added those at the end |
justin-stephenson
previously approved these changes
Dec 5, 2025
ikerexxe
added a commit
to ikerexxe/sssd
that referenced
this pull request
Dec 12, 2025
Add a note to clarify that 2FA isn't supported in JSON protocol and fix
man page compilation for `pam_json_services` option.
:feature: Unified passwordless login in the GUI. SSSD now supports a
rich authentication selection interface. Users can login with
smartcards, passkey, External IdPs and passwords directly
within the graphical user interface.
:packaging: SSSD now supports authentication mechanism selection through
PAM using a JSON-based protocol. This feature enables
passwordless authentication mechanisms in GUI login
environments that support the protocol.
Feature will be supported by GNOME Display Manager (GDM)
starting with GNOME 50. While currently optimized for GNOME,
the JSON protocol design allows for future support in other
display managers.
authselect is the recommended approach and will handle the
necessary PAM stack modifications automatically starting
with version 1.7 through the new option `with-switch-auth`
which provides a new PAM service called `switchable-auth`.
Manual PAM configuration is also possible.
For more technical details and implementation specifications,
see the design documentation:
SSSD/sssd.io#79
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
sumit-bose
reviewed
Dec 12, 2025
sumit-bose
reviewed
Dec 12, 2025
ikerexxe
force-pushed
the
passwordless-gdm
branch
from
1732c3c to
e3803c9
Compare
Contributor
Author
|
CI failure seems unrelated and I already have a fix for it at #97 |
Contributor
Thanks, can you rebase to get a green run. bye, |
Passwordless authentication from the GUI. Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
ikerexxe
force-pushed
the
passwordless-gdm
branch
from
e3803c9 to
46609e8
Compare
Contributor
Author
|
Done |
sumit-bose
approved these changes
Dec 12, 2025
Contributor
sumit-bose
left a comment
sumit-bose
left a comment
There was a problem hiding this comment.
Hi,
thank you for the updates, ACK.
bye,
Sumit
ikerexxe
added a commit
to ikerexxe/sssd
that referenced
this pull request
Dec 24, 2025
Add a note to clarify that 2FA isn't supported in JSON protocol and fix
man page compilation for `pam_json_services` option.
:feature: Unified passwordless login in the GUI. SSSD now supports a
rich authentication selection interface. Users can login with
smartcards, passkey, External IdPs and passwords directly
within the graphical user interface.
:packaging: SSSD now supports authentication mechanism selection through
PAM using a JSON-based protocol. This feature enables
passwordless authentication mechanisms in GUI login
environments that support the protocol.
Feature will be supported by GNOME Display Manager (GDM)
starting with GNOME 50. While currently optimized for GNOME,
the JSON protocol design allows for future support in other
display managers.
authselect is the recommended approach and will handle the
necessary PAM stack modifications automatically starting
with version 1.7 through the new option `with-switch-auth`
which provides a new PAM service called `switchable-auth`.
Manual PAM configuration is also possible.
For more technical details and implementation specifications,
see the design documentation:
SSSD/sssd.io#79
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
6 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Passwordless authentication from the GUI.