Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 162519 - Problems with xscreensaver and pam_opensc
Summary: Problems with xscreensaver and pam_opensc
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Fedora
Classification: Fedora
Component: opensc
Version: rawhide
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Ville Skyttä
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2005-07-05 19:32 UTC by Andreas Thienemann
Modified: 2007-11-30 22:11 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2007-01-19 18:29:58 UTC


Attachments (Terms of Use)

Description Andreas Thienemann 2005-07-05 19:32:58 UTC
There seems to be a problem with xscreensaver and pam_opensc-0.9.6-2.

I'm using pam_opensc for required authentication on a system here, which works
fine. The pam.d/system-auth has the following line:
auth        sufficient    /lib/security/$ISA/pam_opensc.so

This works for everything from login, to gdm. Only xscreensaver seems to have
problems with this pam_module and won't unlock a screen:

Jul  5 21:28:28 bofh xscreensaver(pam_opensc)[4103]: username [andreas] obtained
Jul  5 21:28:28 bofh xscreensaver(pam_opensc)[4103]: get_certificate failed.
Jul  5 21:28:28 bofh xscreensaver(pam_opensc)[4103]: Authentication failed for
andreas at :0.0.
Jul  5 21:28:32 bofh xscreensaver(pam_opensc)[4103]: username [root] obtained
Jul  5 21:28:32 bofh xscreensaver(pam_opensc)[4103]: Authentication failed for
root at :0.0.
Jul  5 21:28:32 bofh xscreensaver[4103]: FAILED LOGIN 1 ON DISPLAY ":0.0", FOR
"andreas"


adding the parameters debug and audit to the pam_opensc module does
unfortunately not result in further logging.


On a related note: You should request pam_opensc being added to bugzilla as
well. It's a single package.

Comment 1 Ville Skyttä 2005-07-05 20:33:36 UTC
Only source rpm names are Bugzilla components, and pam_opensc one is built 
from the opensc source rpm. 
 
Regarding the problem, I'm not able to test that right now, but a WAG: is 
there by chance traces of anything related in your /var/log/audit/audit.log? 

Comment 2 Ville Skyttä 2005-07-05 20:55:08 UTC
Forgot to mention that in case this turns out to be a bug in pam_opensc, not 
the packaging, our chances of getting upstream help to fix it are kind of 
thin; it looks pretty strongly like they're dropping pam_opensc from the next 
release. 
 
The replacement will probably be pam_pkcs11 which is currently separately 
maintained by separate upstreams; I have a package of an oldish version of it, 
which I'll update and push to Extras if that's the way it'll be.  And that'd 
be a bit painful upgrade :( 

Comment 3 Andreas Thienemann 2005-07-05 21:16:09 UTC
Nothing in the audit-log.

Sucks...

Comment 4 Christian Iseli 2007-01-19 07:21:56 UTC
This bug hasn't been updated in a long time and targets FE devel.
Could you please check that it still occurs with current FE devel and update
accordingly ?

Thanks.

Comment 5 Ville Skyttä 2007-01-19 18:29:58 UTC
pam_opensc was dropped by upstream in opensc 0.10.0 (maps to FE5+).  I gather
pam_pkcs11 should be used nowadays instead.


Note You need to log in before you can comment on or make changes to this bug.