GDM Now Considers a Yubikey as a Smart Card and Won't Allow Yubikey Authentication for Logins (21.04)

[timnolte]

Distribution (run cat /etc/os-release):

I'm not on that machine currently, it is a System76 Oryx Pro 6 with Pop_OS! 21.04 with all of the updates.

Related Application and/or Package Version (run apt policy $PACKAGE NAME):

GDM seems to the the problem application.

Issue/Bug Description: Prior to the 21.04 update I had a proper working setup using a U2F Yubkey as a second factor for all of my logins, including GDM GUI logins. I had use the following guide: https://support.yubico.com/hc/en-us/articles/360016649099-Ubuntu-Linux-Login-Guide-U2F

After the 21.04 update my Yubikey is now seen as a Smart Card by GDM and I can no longer login with my Yubikey as a second factor. I was forced to remove the use of the U2F PAM module for GDM. There is some additional Smart Card integration with GDM that doesn't function properly with Yubikeys and there seems to be no way to disable the functionality to restore things to the way they functioned pre-21.04.

Steps to reproduce (if you know):

1. Upgrade a system to 21.04. (I'm not sure if it is upgrade related or if a fresh install of 21.04 produces the same issue.
2. Insert a Yubikey into a USB slot.
3. Observe that the Yubikey is seen as a Smart Card and will only function that way with no ability to login using the U2F PAM module configured with GDM.

Expected behavior:

A Yubikey shouldn't be seen as a Smart Card unless configured as such. I should be able to login with my username/password then have my U2F device flash waiting for a touch as it did pre-21.04.

Other Notes:

Additional reports of this same issue: https://www.reddit.com/r/pop_os/comments/odmgvq/how_to_disable_smartcard_login/

[adiroiban]

I have fixed this for yubikey-u2f login by using this askubuntu answer https://askubuntu.com/a/1369690/5522

just disable smartcard from GDM

I hope it helps