mikedep333/cdc_integration

Project ID: 18168

Description

Modified packages from RHEL/CentOS (& possibly Fedora or EPEL in the future) for better integration with Centrify DirectControl.

Unofficial and unsupported by Centrify, Red Hat, and CentOS. I do intend to show these packages to Centrify at least.

Currently only gnome-shell is modified for compatibility with CentrifyDC with smart card support enabled. (It will work fine if you use password auth too, but it is only needed if you use smart card.) It resolves the severe issue whereby when you login to gnome with smart card, you have to select "switch user" to unlock your session. The bug is documented in these 2 URLs:

https://centrify.force.com/support/Article/KB-7415-Unable-to-unlock-screen-with-Smart-Card-on-RHEL-7/

https://bugzilla.redhat.com/show_bug.cgi?id=1238342

The fix works by making gnome-shell, when running as your lock screen rather than running under gdm, identify itself to PAM with the service name gnome-screensaver (like the lock screen on RHEL6) rather than gdm-smartcard. This triggers different code paths in CentrifyDC and/or the other PAM config files. It does not require the EPEL gnome-screensaver package to be installed, but it can exist alongside it.

Source RPM packaging is available via the "Homepage" link in copr. I imported it from CentOS git, which is imported from verbatim from RHEL 7.4 for this package. I then made commits on top of CentOS's history. copr is building from the GitHub repo directly.

Installation Instructions

For RHEL7/CentOS7:

  1. Standard step for adding the copr repo:

wget -O /etc/yum.repos.d/mikedep333-cdc_integration-epel-7.repo https://copr.fedorainfracloud.org/coprs/mikedep333/cdc_integration/repo/epel-7/mikedep333-cdc_integration-epel-7.repo

(If you are using Red Hat Satellite or Foreman/Katello, you can mirror this repo.)

  1. As root, with sudo or dzdo:

yum update "gnome-shell*"

And accept the GPG key for the repo.

  1. If you are logged into GNOME (regular or Classic), you will need to log out & log back in for it to take effect.

  2. For it to take effect, you will usually need to restart the centrifydc service (or reboot.) You might need to run the following instead: sctool -d sctool -e

You will know this is completed once /etc/pam.d/gnome-screensaver contains the string "LINE ADDED BY SCTOOL - PLEASE DO NOT REMOVE"

  1. Be prepared for any updates from RHEL/CentOS to replace this until I update it. You can prevent this by using yum-plugin-versionlock for example.

  2. When CentOS 7.5 comes out & copr can build packages for it, I will release updated packages here. RHEL 7.5 beta is using gnome-shell 3.26.x, and I have a working/tested modified version of it in the homepage's git repo on a branch. Because other parts of the OS/GNOME were updated, I cannot build & host it via copr (easily/reliably) until CentOS 7.5 comes out.

Active Releases

The following unofficial repositories are provided as-is by owner of this project. Contact the owner directly for bugs or issues (IE: not bugzilla).

Release Architectures Repo Download
EPEL 7 x86_64 (25)* EPEL 7 (155 downloads)

* Total number of downloaded packages.