PAM authentication with existing smart card?Pam face authentication terminal install went wrongCascading Authentication PAM loginPAM Module & nsswitch.confHow to use dell smart card keyboard RT7D60 in UbuntuPAM Authentication failure for snappyAD (PAM) authentication stopped working after security update

Trading stock more quickly vs. holding it

ASCII Expansion

I am a former model

Can only rich people become president?

replacing single quotes with double quote in a file

Function defined everywhere but continuous nowhere

Why can't my custom camera body focus to far distances?

Differences between vehicles used on the Moon and the ones used on Mars

is this true for an induction proof

Multithreading program stuck in optimized mode but runs normally in -O0

What is a rest stroke?

Does microwaving food create particles that are not created when warming food by conventional means?

What websites can be protected by an SSL certificate?

Why derailleur guard is present only on more affordable bicycles

Power supply - purpose of the capacitor on the side of the transformer before full bridge rectifier

Meaning of これでもかという forms

“These days are over” vs. “those days are over”

Can an employer be forced to allow an employee to bring a gun to work (Washington State)?

Tourist / simple city maps to print

Is it possible to have a healthy work-life balance as a professor?

How to write the sum of function inside LaTeX?

Why is the fact that Ukraine President Zelenskiy publicly admitted that Trump didn't pressure him whatsoever being ignored?

What does Google's claim of "Quantum Supremacy" mean for the question of BQP vs BPP vs NP?

Is 2FA via mobile phone still a good idea when phones are the most exposed device?



PAM authentication with existing smart card?


Pam face authentication terminal install went wrongCascading Authentication PAM loginPAM Module & nsswitch.confHow to use dell smart card keyboard RT7D60 in UbuntuPAM Authentication failure for snappyAD (PAM) authentication stopped working after security update






.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty
margin-bottom:0;









0

















I have followed this tutorial to the point where PAM asks for my smartcard and pin on sudo -i, but then it says 



Smart card PIN: 
DEBUG:pkcs11_lib.c:1405: login as user CKU_USER
DEBUG:pkcs11_lib.c:1599: Saving Certificate #1:
DEBUG:pkcs11_lib.c:1601: - type: 00
DEBUG:pkcs11_lib.c:1602: - id: 00
DEBUG:pkcs11_lib.c:1599: Saving Certificate #2:
DEBUG:pkcs11_lib.c:1601: - type: 00
DEBUG:pkcs11_lib.c:1602: - id: 00
DEBUG:pkcs11_lib.c:1599: Saving Certificate #3:
DEBUG:pkcs11_lib.c:1601: - type: 00
DEBUG:pkcs11_lib.c:1602: - id: 00
DEBUG:pkcs11_lib.c:1634: Found 3 certificates in token
DEBUG:mapper_mgr.c:172: Retrieveing mapper module list
DEBUG:mapper_mgr.c:73: Loading static module for mapper 'pwent'
DEBUG:mapper_mgr.c:196: Inserting mapper [pwent] into list
DEBUG:pam_pkcs11.c:578: verifying the certificate #1
verifying certificate
DEBUG:cert_vfy.c:416: Neither CA nor CRL check requested. CertVrfy() skipped
DEBUG:mapper_mgr.c:306: Mapper module pwent match() returns 0
DEBUG:pam_pkcs11.c:661: certificate is valid but does not match the user
DEBUG:pam_pkcs11.c:578: verifying the certificate #2
verifying certificate
DEBUG:cert_vfy.c:416: Neither CA nor CRL check requested. CertVrfy() skipped
DEBUG:mapper_mgr.c:306: Mapper module pwent match() returns 0
DEBUG:pam_pkcs11.c:661: certificate is valid but does not match the user
DEBUG:pam_pkcs11.c:578: verifying the certificate #3
verifying certificate
DEBUG:cert_vfy.c:416: Neither CA nor CRL check requested. CertVrfy() skipped
DEBUG:mapper_mgr.c:306: Mapper module pwent match() returns 0
DEBUG:pam_pkcs11.c:661: certificate is valid but does not match the user
ERROR:pam_pkcs11.c:673: no valid certificate which meets all requirements found
Error 2336: No matching certificate found
DEBUG:mapper_mgr.c:213: unloading mapper module list
DEBUG:mapper_mgr.c:137: calling mapper_module_end() pwent
DEBUG:mapper_mgr.c:148: Module pwent is static: don't remove
DEBUG:pkcs11_lib.c:1465: logout user
DEBUG:pkcs11_lib.c:1472: closing the PKCS #11 session
DEBUG:pkcs11_lib.c:1478: releasing keys and certificates


The card has a few X.509 certs and a few RSA keys on it that I need to keep. How can I tell PAM that the current keys are what I want as my user?



Also
cd /etc/pam_pkcs11/cacerts
sudo pkcs11_make_hash_link
was unable to find the script, and when I manually created it from the github it only found itself thus threw an error






authentication pam smartcard







share|improve this question
































    0

















    I have followed this tutorial to the point where PAM asks for my smartcard and pin on sudo -i, but then it says 



    Smart card PIN: 
    DEBUG:pkcs11_lib.c:1405: login as user CKU_USER
    DEBUG:pkcs11_lib.c:1599: Saving Certificate #1:
    DEBUG:pkcs11_lib.c:1601: - type: 00
    DEBUG:pkcs11_lib.c:1602: - id: 00
    DEBUG:pkcs11_lib.c:1599: Saving Certificate #2:
    DEBUG:pkcs11_lib.c:1601: - type: 00
    DEBUG:pkcs11_lib.c:1602: - id: 00
    DEBUG:pkcs11_lib.c:1599: Saving Certificate #3:
    DEBUG:pkcs11_lib.c:1601: - type: 00
    DEBUG:pkcs11_lib.c:1602: - id: 00
    DEBUG:pkcs11_lib.c:1634: Found 3 certificates in token
    DEBUG:mapper_mgr.c:172: Retrieveing mapper module list
    DEBUG:mapper_mgr.c:73: Loading static module for mapper 'pwent'
    DEBUG:mapper_mgr.c:196: Inserting mapper [pwent] into list
    DEBUG:pam_pkcs11.c:578: verifying the certificate #1
    verifying certificate
    DEBUG:cert_vfy.c:416: Neither CA nor CRL check requested. CertVrfy() skipped
    DEBUG:mapper_mgr.c:306: Mapper module pwent match() returns 0
    DEBUG:pam_pkcs11.c:661: certificate is valid but does not match the user
    DEBUG:pam_pkcs11.c:578: verifying the certificate #2
    verifying certificate
    DEBUG:cert_vfy.c:416: Neither CA nor CRL check requested. CertVrfy() skipped
    DEBUG:mapper_mgr.c:306: Mapper module pwent match() returns 0
    DEBUG:pam_pkcs11.c:661: certificate is valid but does not match the user
    DEBUG:pam_pkcs11.c:578: verifying the certificate #3
    verifying certificate
    DEBUG:cert_vfy.c:416: Neither CA nor CRL check requested. CertVrfy() skipped
    DEBUG:mapper_mgr.c:306: Mapper module pwent match() returns 0
    DEBUG:pam_pkcs11.c:661: certificate is valid but does not match the user
    ERROR:pam_pkcs11.c:673: no valid certificate which meets all requirements found
    Error 2336: No matching certificate found
    DEBUG:mapper_mgr.c:213: unloading mapper module list
    DEBUG:mapper_mgr.c:137: calling mapper_module_end() pwent
    DEBUG:mapper_mgr.c:148: Module pwent is static: don't remove
    DEBUG:pkcs11_lib.c:1465: logout user
    DEBUG:pkcs11_lib.c:1472: closing the PKCS #11 session
    DEBUG:pkcs11_lib.c:1478: releasing keys and certificates


    The card has a few X.509 certs and a few RSA keys on it that I need to keep. How can I tell PAM that the current keys are what I want as my user?



    Also
    cd /etc/pam_pkcs11/cacerts
    sudo pkcs11_make_hash_link
    was unable to find the script, and when I manually created it from the github it only found itself thus threw an error






    authentication pam smartcard







    share|improve this question




























      0












      0








      0








      I have followed this tutorial to the point where PAM asks for my smartcard and pin on sudo -i, but then it says 



      Smart card PIN: 
      DEBUG:pkcs11_lib.c:1405: login as user CKU_USER
      DEBUG:pkcs11_lib.c:1599: Saving Certificate #1:
      DEBUG:pkcs11_lib.c:1601: - type: 00
      DEBUG:pkcs11_lib.c:1602: - id: 00
      DEBUG:pkcs11_lib.c:1599: Saving Certificate #2:
      DEBUG:pkcs11_lib.c:1601: - type: 00
      DEBUG:pkcs11_lib.c:1602: - id: 00
      DEBUG:pkcs11_lib.c:1599: Saving Certificate #3:
      DEBUG:pkcs11_lib.c:1601: - type: 00
      DEBUG:pkcs11_lib.c:1602: - id: 00
      DEBUG:pkcs11_lib.c:1634: Found 3 certificates in token
      DEBUG:mapper_mgr.c:172: Retrieveing mapper module list
      DEBUG:mapper_mgr.c:73: Loading static module for mapper 'pwent'
      DEBUG:mapper_mgr.c:196: Inserting mapper [pwent] into list
      DEBUG:pam_pkcs11.c:578: verifying the certificate #1
      verifying certificate
      DEBUG:cert_vfy.c:416: Neither CA nor CRL check requested. CertVrfy() skipped
      DEBUG:mapper_mgr.c:306: Mapper module pwent match() returns 0
      DEBUG:pam_pkcs11.c:661: certificate is valid but does not match the user
      DEBUG:pam_pkcs11.c:578: verifying the certificate #2
      verifying certificate
      DEBUG:cert_vfy.c:416: Neither CA nor CRL check requested. CertVrfy() skipped
      DEBUG:mapper_mgr.c:306: Mapper module pwent match() returns 0
      DEBUG:pam_pkcs11.c:661: certificate is valid but does not match the user
      DEBUG:pam_pkcs11.c:578: verifying the certificate #3
      verifying certificate
      DEBUG:cert_vfy.c:416: Neither CA nor CRL check requested. CertVrfy() skipped
      DEBUG:mapper_mgr.c:306: Mapper module pwent match() returns 0
      DEBUG:pam_pkcs11.c:661: certificate is valid but does not match the user
      ERROR:pam_pkcs11.c:673: no valid certificate which meets all requirements found
      Error 2336: No matching certificate found
      DEBUG:mapper_mgr.c:213: unloading mapper module list
      DEBUG:mapper_mgr.c:137: calling mapper_module_end() pwent
      DEBUG:mapper_mgr.c:148: Module pwent is static: don't remove
      DEBUG:pkcs11_lib.c:1465: logout user
      DEBUG:pkcs11_lib.c:1472: closing the PKCS #11 session
      DEBUG:pkcs11_lib.c:1478: releasing keys and certificates


      The card has a few X.509 certs and a few RSA keys on it that I need to keep. How can I tell PAM that the current keys are what I want as my user?



      Also
      cd /etc/pam_pkcs11/cacerts
      sudo pkcs11_make_hash_link
      was unable to find the script, and when I manually created it from the github it only found itself thus threw an error






      authentication pam smartcard







      share|improve this question















      I have followed this tutorial to the point where PAM asks for my smartcard and pin on sudo -i, but then it says 



      Smart card PIN: 
      DEBUG:pkcs11_lib.c:1405: login as user CKU_USER
      DEBUG:pkcs11_lib.c:1599: Saving Certificate #1:
      DEBUG:pkcs11_lib.c:1601: - type: 00
      DEBUG:pkcs11_lib.c:1602: - id: 00
      DEBUG:pkcs11_lib.c:1599: Saving Certificate #2:
      DEBUG:pkcs11_lib.c:1601: - type: 00
      DEBUG:pkcs11_lib.c:1602: - id: 00
      DEBUG:pkcs11_lib.c:1599: Saving Certificate #3:
      DEBUG:pkcs11_lib.c:1601: - type: 00
      DEBUG:pkcs11_lib.c:1602: - id: 00
      DEBUG:pkcs11_lib.c:1634: Found 3 certificates in token
      DEBUG:mapper_mgr.c:172: Retrieveing mapper module list
      DEBUG:mapper_mgr.c:73: Loading static module for mapper 'pwent'
      DEBUG:mapper_mgr.c:196: Inserting mapper [pwent] into list
      DEBUG:pam_pkcs11.c:578: verifying the certificate #1
      verifying certificate
      DEBUG:cert_vfy.c:416: Neither CA nor CRL check requested. CertVrfy() skipped
      DEBUG:mapper_mgr.c:306: Mapper module pwent match() returns 0
      DEBUG:pam_pkcs11.c:661: certificate is valid but does not match the user
      DEBUG:pam_pkcs11.c:578: verifying the certificate #2
      verifying certificate
      DEBUG:cert_vfy.c:416: Neither CA nor CRL check requested. CertVrfy() skipped
      DEBUG:mapper_mgr.c:306: Mapper module pwent match() returns 0
      DEBUG:pam_pkcs11.c:661: certificate is valid but does not match the user
      DEBUG:pam_pkcs11.c:578: verifying the certificate #3
      verifying certificate
      DEBUG:cert_vfy.c:416: Neither CA nor CRL check requested. CertVrfy() skipped
      DEBUG:mapper_mgr.c:306: Mapper module pwent match() returns 0
      DEBUG:pam_pkcs11.c:661: certificate is valid but does not match the user
      ERROR:pam_pkcs11.c:673: no valid certificate which meets all requirements found
      Error 2336: No matching certificate found
      DEBUG:mapper_mgr.c:213: unloading mapper module list
      DEBUG:mapper_mgr.c:137: calling mapper_module_end() pwent
      DEBUG:mapper_mgr.c:148: Module pwent is static: don't remove
      DEBUG:pkcs11_lib.c:1465: logout user
      DEBUG:pkcs11_lib.c:1472: closing the PKCS #11 session
      DEBUG:pkcs11_lib.c:1478: releasing keys and certificates


      The card has a few X.509 certs and a few RSA keys on it that I need to keep. How can I tell PAM that the current keys are what I want as my user?



      Also
      cd /etc/pam_pkcs11/cacerts
      sudo pkcs11_make_hash_link
      was unable to find the script, and when I manually created it from the github it only found itself thus threw an error






      authentication pam smartcard




      authentication pam smartcard






      share|improve this question














      share|improve this question











      share|improve this question




      share|improve this question










      asked Jun 14 at 14:14









      NeywinyNeywiny

      1




      1























          0






          active

          oldest

          votes













          Your Answer








          StackExchange.ready(function()
          var channelOptions =
          tags: "".split(" "),
          id: "89"
          ;
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function()
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled)
          StackExchange.using("snippets", function()
          createEditor();
          );

          else
          createEditor();

          );

          function createEditor()
          StackExchange.prepareEditor(
          heartbeatType: 'answer',
          autoActivateHeartbeat: false,
          convertImagesToLinks: true,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: 10,
          bindNavPrevention: true,
          postfix: "",
          imageUploader:
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/4.0/"u003ecc by-sa 4.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          ,
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          );



          );














          draft saved

          draft discarded
















          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1151082%2fpam-authentication-with-existing-smart-card%23new-answer', 'question_page');

          );

          Post as a guest















          Required, but never shown


























          0






          active

          oldest

          votes








          0






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes
















          draft saved

          draft discarded















































          Thanks for contributing an answer to Ask Ubuntu!


          • Please be sure to answer the question. Provide details and share your research!

          But avoid


          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.

          To learn more, see our tips on writing great answers.




          draft saved


          draft discarded














          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1151082%2fpam-authentication-with-existing-smart-card%23new-answer', 'question_page');

          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown









          -

          Popular posts from this blog

          Tamil (spriik) Luke uk diar | Nawigatjuun

          Image
          Fering ArtiikelDrawiidisk Spriiken SölringÖömrangFeringHalunderHalifreeskMooringWiringhiirderKarhiirderGooshiirderDrawiidisk SpriikTamil NaduIndienSri Lanka (function()var node=document.getElementById("mw-dismissablenotice-anonplace");if(node)node.outerHTML="u003Cdiv class="mw-dismissable-notice"u003Eu003Cdiv class="mw-dismissable-notice-close"u003E[u003Ca tabindex="0" role="button"u003EFersteegu003C/au003E]u003C/divu003Eu003Cdiv class="mw-dismissable-notice-body"u003Eu003Cdiv id="localNotice" lang="frr" dir="ltr"u003Eu003Cdiv id="sitenotice"u003Enu003Ccenteru003Enu003Ctable class="rahmenfarbe4" style="border-style: solid; border-width: thin; width: 70%;"u003Ennu003Ctbodyu003Eu003Ctru003Enu003Ctd style="text-align:center;"u003Eu003Ca href="/wiki/Datei:Nordfriesischeflagge.svg" class="image"u003Eu003Cimg alt="Nordfriesische
          Read more

          Align equal signs while including text over equalitiesAMS align: left aligned text/math plus multicolumn alignmentMultiple alignmentsAligning equations in multiple placesNumbering and aligning an equation with multiple columnsHow to align one equation with another multline equationUsing \ in environments inside the begintabularxNumber equations and preserving alignment of equal signsHow can I align equations to the left and to the right?Double equation alignment problem within align enviromentAligned within align: Why are they right-aligned?

          Image
          Why didn't the Universal Translator speak whale? What is /dev/null and why can't I use hx on it? The work of mathematicians outside their professional environment Does the DOJ's declining to investigate the Trump-Zelensky call ruin the basis for impeachment? Are there any tricks to pushing a grand piano? Maintaining distance Does it require less energy to reach the Sun from Pluto's orbit than from Earth's orbit? Object Oriented Design: Where to place behavior that pertains to more than one type of object? Choice of solvent during thin layer chromatography How to catch creatures that can predict the next few minutes? Use floats or doubles when writing mobile games How come the Russian cognate for the Czech word "čerstvý" (fresh) means entirely the opposite thing (stale)? What are the limits on an impeached and not convicted president? How to calculate Limit of this sequence Bash-script as linux-service won't run, but executed
          Read more

          Where does the image of a data connector as a sharp metal spike originate from?Where does the concept of infected people turning into zombies only after death originate from?Where does the motif of a reanimated human head originate?Where did the notion that Dragons could speak originate?Where does the archetypal image of the 'Grey' alien come from?Where did the suffix '-Man' originate?Where does the notion of being injured or killed by an illusion originate?Where did the term “sophont” originate?Where does the trope of magic spells being driven by advanced technology originate from?Where did the term “the living impaired” originate?

          Image
          Automatically extend a Python list to N elements if it's too short? Fired for a policy I didnt know about, as well as another false reason Why isn't tilde recognised as home folder in this case? When does an Artillerist's Cannon have disadvantage? How large should a hole be for a bolt to go through? When is TeX better than LaTeX? How to determine if drill is suitable for concrete? Huygens Lander: Why The Short Battery Life? Why do people use bigger cassettes for lower gearing when they could instead use smaller chainrings? Is there a difference between downloading / installing a list of packages and downloading each packge by its own? Question about exercise 21.10 in The TeXbook How to publish a page using tridion core service client in sdl web 8.5 Can one get into trouble if one doesn't show up at the gate 30 minutes before departure (or whatever time window the boarding pass is indicating)? Does an action-reaction pair always contain the same
          Read more