Smartcard login recently broke

Been using my DOD smartcard to login to various RL8.6, 8.7, 9.0. and 9.1 systems the last couple of months. Last week it started failing. The only error I’m seeing in the logs is in /var/log/secure:

gdm-smartcard][2148659]: pam_sss(gdm-smartcard:auth): User info message: Please (re)insert (different) Smartcard

My smartcard hasn’t changed in a year or two. My account in ipa hasn’t changed as well. I can login using password. Using the smartcard to login to web resources works, I can use it to digitally sign and encrypt emails. I know the smartcard reader and the smartcard itself are working.

Watched the krb5kdc.log on the ipa server while attempting a login and saw no entries during the smartcard login attempt but did see the expected entries when I then logged on with password.

Anyone know where I might start looking to find the problem?

That sounds like a lot of different systems, are you saying they all broke at once?

I can’t say if they all broke at once. Once it started it seemed to be wide spread across the Rocky systems.

I was able to authenticate with smartcard on one of the CentOS 7 systems that are on the same network, same IPA domain. It could be something wrong with my IPA account but I don’t think so since I can still authenticate with a password and nothing has changed recently with my account. Another user tried with his smartcard and got the same behavior. I did check that the certificate on my smartcard matches what’s on my IPA account and is valid.