|Summary:||Problems with xscreensaver and pam_opensc|
|Product:||[Fedora] Fedora||Reporter:||Andreas Thienemann <andreas>|
|Component:||opensc||Assignee:||Ville Skyttä <scop>|
|Status:||CLOSED WONTFIX||QA Contact:||Fedora Extras Quality Assurance <extras-qa>|
|Fixed In Version:||Doc Type:||Bug Fix|
|Doc Text:||Story Points:||---|
|Last Closed:||2007-01-19 18:29:58 UTC||Type:||---|
|oVirt Team:||---||RHEL 7.3 requirements from Atomic Host:|
|Cloudforms Team:||---||Target Upstream Version:|
Description Andreas Thienemann 2005-07-05 19:32:58 UTC
There seems to be a problem with xscreensaver and pam_opensc-0.9.6-2. I'm using pam_opensc for required authentication on a system here, which works fine. The pam.d/system-auth has the following line: auth sufficient /lib/security/$ISA/pam_opensc.so This works for everything from login, to gdm. Only xscreensaver seems to have problems with this pam_module and won't unlock a screen: Jul 5 21:28:28 bofh xscreensaver(pam_opensc): username [andreas] obtained Jul 5 21:28:28 bofh xscreensaver(pam_opensc): get_certificate failed. Jul 5 21:28:28 bofh xscreensaver(pam_opensc): Authentication failed for andreas at :0.0. Jul 5 21:28:32 bofh xscreensaver(pam_opensc): username [root] obtained Jul 5 21:28:32 bofh xscreensaver(pam_opensc): Authentication failed for root at :0.0. Jul 5 21:28:32 bofh xscreensaver: FAILED LOGIN 1 ON DISPLAY ":0.0", FOR "andreas" adding the parameters debug and audit to the pam_opensc module does unfortunately not result in further logging. On a related note: You should request pam_opensc being added to bugzilla as well. It's a single package.
Comment 1 Ville Skyttä 2005-07-05 20:33:36 UTC
Only source rpm names are Bugzilla components, and pam_opensc one is built from the opensc source rpm. Regarding the problem, I'm not able to test that right now, but a WAG: is there by chance traces of anything related in your /var/log/audit/audit.log?
Comment 2 Ville Skyttä 2005-07-05 20:55:08 UTC
Forgot to mention that in case this turns out to be a bug in pam_opensc, not the packaging, our chances of getting upstream help to fix it are kind of thin; it looks pretty strongly like they're dropping pam_opensc from the next release. The replacement will probably be pam_pkcs11 which is currently separately maintained by separate upstreams; I have a package of an oldish version of it, which I'll update and push to Extras if that's the way it'll be. And that'd be a bit painful upgrade :(
Comment 3 Andreas Thienemann 2005-07-05 21:16:09 UTC
Nothing in the audit-log. Sucks...
Comment 4 Christian Iseli 2007-01-19 07:21:56 UTC
This bug hasn't been updated in a long time and targets FE devel. Could you please check that it still occurs with current FE devel and update accordingly ? Thanks.
Comment 5 Ville Skyttä 2007-01-19 18:29:58 UTC
pam_opensc was dropped by upstream in opensc 0.10.0 (maps to FE5+). I gather pam_pkcs11 should be used nowadays instead.