PAM authentication with existing smart card?Pam face authentication terminal install went wrongCascading Authentication PAM loginPAM Module & nsswitch.confHow to use dell smart card keyboard RT7D60 in UbuntuPAM Authentication failure for snappyAD (PAM) authentication stopped working after security update

Trading stock more quickly vs. holding it

ASCII Expansion

I am a former model

Can only rich people become president?

replacing single quotes with double quote in a file

Function defined everywhere but continuous nowhere

Why can't my custom camera body focus to far distances?

Differences between vehicles used on the Moon and the ones used on Mars

is this true for an induction proof

Multithreading program stuck in optimized mode but runs normally in -O0

What is a rest stroke?

Does microwaving food create particles that are not created when warming food by conventional means?

What websites can be protected by an SSL certificate?

Why derailleur guard is present only on more affordable bicycles

Power supply - purpose of the capacitor on the side of the transformer before full bridge rectifier

Meaning of これでもかという forms

“These days are over” vs. “those days are over”

Can an employer be forced to allow an employee to bring a gun to work (Washington State)?

Tourist / simple city maps to print

Is it possible to have a healthy work-life balance as a professor?

How to write the sum of function inside LaTeX?

Why is the fact that Ukraine President Zelenskiy publicly admitted that Trump didn't pressure him whatsoever being ignored?

What does Google's claim of "Quantum Supremacy" mean for the question of BQP vs BPP vs NP?

Is 2FA via mobile phone still a good idea when phones are the most exposed device?



PAM authentication with existing smart card?


Pam face authentication terminal install went wrongCascading Authentication PAM loginPAM Module & nsswitch.confHow to use dell smart card keyboard RT7D60 in UbuntuPAM Authentication failure for snappyAD (PAM) authentication stopped working after security update






.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty
margin-bottom:0;









0

















I have followed this tutorial to the point where PAM asks for my smartcard and pin on sudo -i, but then it says 



Smart card PIN: 
DEBUG:pkcs11_lib.c:1405: login as user CKU_USER
DEBUG:pkcs11_lib.c:1599: Saving Certificate #1:
DEBUG:pkcs11_lib.c:1601: - type: 00
DEBUG:pkcs11_lib.c:1602: - id: 00
DEBUG:pkcs11_lib.c:1599: Saving Certificate #2:
DEBUG:pkcs11_lib.c:1601: - type: 00
DEBUG:pkcs11_lib.c:1602: - id: 00
DEBUG:pkcs11_lib.c:1599: Saving Certificate #3:
DEBUG:pkcs11_lib.c:1601: - type: 00
DEBUG:pkcs11_lib.c:1602: - id: 00
DEBUG:pkcs11_lib.c:1634: Found 3 certificates in token
DEBUG:mapper_mgr.c:172: Retrieveing mapper module list
DEBUG:mapper_mgr.c:73: Loading static module for mapper 'pwent'
DEBUG:mapper_mgr.c:196: Inserting mapper [pwent] into list
DEBUG:pam_pkcs11.c:578: verifying the certificate #1
verifying certificate
DEBUG:cert_vfy.c:416: Neither CA nor CRL check requested. CertVrfy() skipped
DEBUG:mapper_mgr.c:306: Mapper module pwent match() returns 0
DEBUG:pam_pkcs11.c:661: certificate is valid but does not match the user
DEBUG:pam_pkcs11.c:578: verifying the certificate #2
verifying certificate
DEBUG:cert_vfy.c:416: Neither CA nor CRL check requested. CertVrfy() skipped
DEBUG:mapper_mgr.c:306: Mapper module pwent match() returns 0
DEBUG:pam_pkcs11.c:661: certificate is valid but does not match the user
DEBUG:pam_pkcs11.c:578: verifying the certificate #3
verifying certificate
DEBUG:cert_vfy.c:416: Neither CA nor CRL check requested. CertVrfy() skipped
DEBUG:mapper_mgr.c:306: Mapper module pwent match() returns 0
DEBUG:pam_pkcs11.c:661: certificate is valid but does not match the user
ERROR:pam_pkcs11.c:673: no valid certificate which meets all requirements found
Error 2336: No matching certificate found
DEBUG:mapper_mgr.c:213: unloading mapper module list
DEBUG:mapper_mgr.c:137: calling mapper_module_end() pwent
DEBUG:mapper_mgr.c:148: Module pwent is static: don't remove
DEBUG:pkcs11_lib.c:1465: logout user
DEBUG:pkcs11_lib.c:1472: closing the PKCS #11 session
DEBUG:pkcs11_lib.c:1478: releasing keys and certificates


The card has a few X.509 certs and a few RSA keys on it that I need to keep. How can I tell PAM that the current keys are what I want as my user?



Also
cd /etc/pam_pkcs11/cacerts
sudo pkcs11_make_hash_link
was unable to find the script, and when I manually created it from the github it only found itself thus threw an error






authentication pam smartcard







share|improve this question
































    0

















    I have followed this tutorial to the point where PAM asks for my smartcard and pin on sudo -i, but then it says 



    Smart card PIN: 
    DEBUG:pkcs11_lib.c:1405: login as user CKU_USER
    DEBUG:pkcs11_lib.c:1599: Saving Certificate #1:
    DEBUG:pkcs11_lib.c:1601: - type: 00
    DEBUG:pkcs11_lib.c:1602: - id: 00
    DEBUG:pkcs11_lib.c:1599: Saving Certificate #2:
    DEBUG:pkcs11_lib.c:1601: - type: 00
    DEBUG:pkcs11_lib.c:1602: - id: 00
    DEBUG:pkcs11_lib.c:1599: Saving Certificate #3:
    DEBUG:pkcs11_lib.c:1601: - type: 00
    DEBUG:pkcs11_lib.c:1602: - id: 00
    DEBUG:pkcs11_lib.c:1634: Found 3 certificates in token
    DEBUG:mapper_mgr.c:172: Retrieveing mapper module list
    DEBUG:mapper_mgr.c:73: Loading static module for mapper 'pwent'
    DEBUG:mapper_mgr.c:196: Inserting mapper [pwent] into list
    DEBUG:pam_pkcs11.c:578: verifying the certificate #1
    verifying certificate
    DEBUG:cert_vfy.c:416: Neither CA nor CRL check requested. CertVrfy() skipped
    DEBUG:mapper_mgr.c:306: Mapper module pwent match() returns 0
    DEBUG:pam_pkcs11.c:661: certificate is valid but does not match the user
    DEBUG:pam_pkcs11.c:578: verifying the certificate #2
    verifying certificate
    DEBUG:cert_vfy.c:416: Neither CA nor CRL check requested. CertVrfy() skipped
    DEBUG:mapper_mgr.c:306: Mapper module pwent match() returns 0
    DEBUG:pam_pkcs11.c:661: certificate is valid but does not match the user
    DEBUG:pam_pkcs11.c:578: verifying the certificate #3
    verifying certificate
    DEBUG:cert_vfy.c:416: Neither CA nor CRL check requested. CertVrfy() skipped
    DEBUG:mapper_mgr.c:306: Mapper module pwent match() returns 0
    DEBUG:pam_pkcs11.c:661: certificate is valid but does not match the user
    ERROR:pam_pkcs11.c:673: no valid certificate which meets all requirements found
    Error 2336: No matching certificate found
    DEBUG:mapper_mgr.c:213: unloading mapper module list
    DEBUG:mapper_mgr.c:137: calling mapper_module_end() pwent
    DEBUG:mapper_mgr.c:148: Module pwent is static: don't remove
    DEBUG:pkcs11_lib.c:1465: logout user
    DEBUG:pkcs11_lib.c:1472: closing the PKCS #11 session
    DEBUG:pkcs11_lib.c:1478: releasing keys and certificates


    The card has a few X.509 certs and a few RSA keys on it that I need to keep. How can I tell PAM that the current keys are what I want as my user?



    Also
    cd /etc/pam_pkcs11/cacerts
    sudo pkcs11_make_hash_link
    was unable to find the script, and when I manually created it from the github it only found itself thus threw an error






    authentication pam smartcard







    share|improve this question




























      0












      0








      0








      I have followed this tutorial to the point where PAM asks for my smartcard and pin on sudo -i, but then it says 



      Smart card PIN: 
      DEBUG:pkcs11_lib.c:1405: login as user CKU_USER
      DEBUG:pkcs11_lib.c:1599: Saving Certificate #1:
      DEBUG:pkcs11_lib.c:1601: - type: 00
      DEBUG:pkcs11_lib.c:1602: - id: 00
      DEBUG:pkcs11_lib.c:1599: Saving Certificate #2:
      DEBUG:pkcs11_lib.c:1601: - type: 00
      DEBUG:pkcs11_lib.c:1602: - id: 00
      DEBUG:pkcs11_lib.c:1599: Saving Certificate #3:
      DEBUG:pkcs11_lib.c:1601: - type: 00
      DEBUG:pkcs11_lib.c:1602: - id: 00
      DEBUG:pkcs11_lib.c:1634: Found 3 certificates in token
      DEBUG:mapper_mgr.c:172: Retrieveing mapper module list
      DEBUG:mapper_mgr.c:73: Loading static module for mapper 'pwent'
      DEBUG:mapper_mgr.c:196: Inserting mapper [pwent] into list
      DEBUG:pam_pkcs11.c:578: verifying the certificate #1
      verifying certificate
      DEBUG:cert_vfy.c:416: Neither CA nor CRL check requested. CertVrfy() skipped
      DEBUG:mapper_mgr.c:306: Mapper module pwent match() returns 0
      DEBUG:pam_pkcs11.c:661: certificate is valid but does not match the user
      DEBUG:pam_pkcs11.c:578: verifying the certificate #2
      verifying certificate
      DEBUG:cert_vfy.c:416: Neither CA nor CRL check requested. CertVrfy() skipped
      DEBUG:mapper_mgr.c:306: Mapper module pwent match() returns 0
      DEBUG:pam_pkcs11.c:661: certificate is valid but does not match the user
      DEBUG:pam_pkcs11.c:578: verifying the certificate #3
      verifying certificate
      DEBUG:cert_vfy.c:416: Neither CA nor CRL check requested. CertVrfy() skipped
      DEBUG:mapper_mgr.c:306: Mapper module pwent match() returns 0
      DEBUG:pam_pkcs11.c:661: certificate is valid but does not match the user
      ERROR:pam_pkcs11.c:673: no valid certificate which meets all requirements found
      Error 2336: No matching certificate found
      DEBUG:mapper_mgr.c:213: unloading mapper module list
      DEBUG:mapper_mgr.c:137: calling mapper_module_end() pwent
      DEBUG:mapper_mgr.c:148: Module pwent is static: don't remove
      DEBUG:pkcs11_lib.c:1465: logout user
      DEBUG:pkcs11_lib.c:1472: closing the PKCS #11 session
      DEBUG:pkcs11_lib.c:1478: releasing keys and certificates


      The card has a few X.509 certs and a few RSA keys on it that I need to keep. How can I tell PAM that the current keys are what I want as my user?



      Also
      cd /etc/pam_pkcs11/cacerts
      sudo pkcs11_make_hash_link
      was unable to find the script, and when I manually created it from the github it only found itself thus threw an error






      authentication pam smartcard







      share|improve this question















      I have followed this tutorial to the point where PAM asks for my smartcard and pin on sudo -i, but then it says 



      Smart card PIN: 
      DEBUG:pkcs11_lib.c:1405: login as user CKU_USER
      DEBUG:pkcs11_lib.c:1599: Saving Certificate #1:
      DEBUG:pkcs11_lib.c:1601: - type: 00
      DEBUG:pkcs11_lib.c:1602: - id: 00
      DEBUG:pkcs11_lib.c:1599: Saving Certificate #2:
      DEBUG:pkcs11_lib.c:1601: - type: 00
      DEBUG:pkcs11_lib.c:1602: - id: 00
      DEBUG:pkcs11_lib.c:1599: Saving Certificate #3:
      DEBUG:pkcs11_lib.c:1601: - type: 00
      DEBUG:pkcs11_lib.c:1602: - id: 00
      DEBUG:pkcs11_lib.c:1634: Found 3 certificates in token
      DEBUG:mapper_mgr.c:172: Retrieveing mapper module list
      DEBUG:mapper_mgr.c:73: Loading static module for mapper 'pwent'
      DEBUG:mapper_mgr.c:196: Inserting mapper [pwent] into list
      DEBUG:pam_pkcs11.c:578: verifying the certificate #1
      verifying certificate
      DEBUG:cert_vfy.c:416: Neither CA nor CRL check requested. CertVrfy() skipped
      DEBUG:mapper_mgr.c:306: Mapper module pwent match() returns 0
      DEBUG:pam_pkcs11.c:661: certificate is valid but does not match the user
      DEBUG:pam_pkcs11.c:578: verifying the certificate #2
      verifying certificate
      DEBUG:cert_vfy.c:416: Neither CA nor CRL check requested. CertVrfy() skipped
      DEBUG:mapper_mgr.c:306: Mapper module pwent match() returns 0
      DEBUG:pam_pkcs11.c:661: certificate is valid but does not match the user
      DEBUG:pam_pkcs11.c:578: verifying the certificate #3
      verifying certificate
      DEBUG:cert_vfy.c:416: Neither CA nor CRL check requested. CertVrfy() skipped
      DEBUG:mapper_mgr.c:306: Mapper module pwent match() returns 0
      DEBUG:pam_pkcs11.c:661: certificate is valid but does not match the user
      ERROR:pam_pkcs11.c:673: no valid certificate which meets all requirements found
      Error 2336: No matching certificate found
      DEBUG:mapper_mgr.c:213: unloading mapper module list
      DEBUG:mapper_mgr.c:137: calling mapper_module_end() pwent
      DEBUG:mapper_mgr.c:148: Module pwent is static: don't remove
      DEBUG:pkcs11_lib.c:1465: logout user
      DEBUG:pkcs11_lib.c:1472: closing the PKCS #11 session
      DEBUG:pkcs11_lib.c:1478: releasing keys and certificates


      The card has a few X.509 certs and a few RSA keys on it that I need to keep. How can I tell PAM that the current keys are what I want as my user?



      Also
      cd /etc/pam_pkcs11/cacerts
      sudo pkcs11_make_hash_link
      was unable to find the script, and when I manually created it from the github it only found itself thus threw an error






      authentication pam smartcard




      authentication pam smartcard






      share|improve this question














      share|improve this question











      share|improve this question




      share|improve this question










      asked Jun 14 at 14:14









      NeywinyNeywiny

      1




      1























          0






          active

          oldest

          votes













          Your Answer








          StackExchange.ready(function()
          var channelOptions =
          tags: "".split(" "),
          id: "89"
          ;
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function()
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled)
          StackExchange.using("snippets", function()
          createEditor();
          );

          else
          createEditor();

          );

          function createEditor()
          StackExchange.prepareEditor(
          heartbeatType: 'answer',
          autoActivateHeartbeat: false,
          convertImagesToLinks: true,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: 10,
          bindNavPrevention: true,
          postfix: "",
          imageUploader:
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/4.0/"u003ecc by-sa 4.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          ,
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          );



          );














          draft saved

          draft discarded
















          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1151082%2fpam-authentication-with-existing-smart-card%23new-answer', 'question_page');

          );

          Post as a guest















          Required, but never shown


























          0






          active

          oldest

          votes








          0






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes
















          draft saved

          draft discarded















































          Thanks for contributing an answer to Ask Ubuntu!


          • Please be sure to answer the question. Provide details and share your research!

          But avoid


          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.

          To learn more, see our tips on writing great answers.




          draft saved


          draft discarded














          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1151082%2fpam-authentication-with-existing-smart-card%23new-answer', 'question_page');

          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown









          -

          Popular posts from this blog

          Tamil (spriik) Luke uk diar | Nawigatjuun

          Image
          Fering ArtiikelDrawiidisk Spriiken SölringÖömrangFeringHalunderHalifreeskMooringWiringhiirderKarhiirderGooshiirderDrawiidisk SpriikTamil NaduIndienSri Lanka (function()var node=document.getElementById("mw-dismissablenotice-anonplace");if(node)node.outerHTML="u003Cdiv class="mw-dismissable-notice"u003Eu003Cdiv class="mw-dismissable-notice-close"u003E[u003Ca tabindex="0" role="button"u003EFersteegu003C/au003E]u003C/divu003Eu003Cdiv class="mw-dismissable-notice-body"u003Eu003Cdiv id="localNotice" lang="frr" dir="ltr"u003Eu003Cdiv id="sitenotice"u003Enu003Ccenteru003Enu003Ctable class="rahmenfarbe4" style="border-style: solid; border-width: thin; width: 70%;"u003Ennu003Ctbodyu003Eu003Ctru003Enu003Ctd style="text-align:center;"u003Eu003Ca href="/wiki/Datei:Nordfriesischeflagge.svg" class="image"u003Eu003Cimg alt="Nordfriesische
          Read more

          Align equal signs while including text over equalitiesAMS align: left aligned text/math plus multicolumn alignmentMultiple alignmentsAligning equations in multiple placesNumbering and aligning an equation with multiple columnsHow to align one equation with another multline equationUsing \ in environments inside the begintabularxNumber equations and preserving alignment of equal signsHow can I align equations to the left and to the right?Double equation alignment problem within align enviromentAligned within align: Why are they right-aligned?

          Image
          Why didn't the Universal Translator speak whale? What is /dev/null and why can't I use hx on it? The work of mathematicians outside their professional environment Does the DOJ's declining to investigate the Trump-Zelensky call ruin the basis for impeachment? Are there any tricks to pushing a grand piano? Maintaining distance Does it require less energy to reach the Sun from Pluto's orbit than from Earth's orbit? Object Oriented Design: Where to place behavior that pertains to more than one type of object? Choice of solvent during thin layer chromatography How to catch creatures that can predict the next few minutes? Use floats or doubles when writing mobile games How come the Russian cognate for the Czech word "čerstvý" (fresh) means entirely the opposite thing (stale)? What are the limits on an impeached and not convicted president? How to calculate Limit of this sequence Bash-script as linux-service won't run, but executed
          Read more

          Training a classifier when some of the features are unknownWhy does Gradient Boosting regression predict negative values when there are no negative y-values in my training set?How to improve an existing (trained) classifier?What is effect when I set up some self defined predisctor variables?Why Matlab neural network classification returns decimal values on prediction dataset?Fitting and transforming text data in training, testing, and validation setsHow to quantify the performance of the classifier (multi-class SVM) using the test data?How do I control for some patients providing multiple samples in my training data?Training and Test setTraining a convolutional neural network for image denoising in MatlabShouldn't an autoencoder with #(neurons in hidden layer) = #(neurons in input layer) be “perfect”?

          Image
          Extremely casual way to make requests to very close friends Why are Gatwick's runways too close together? AsyncDictionary - Can you break thread safety? Different inverter (logic gate) symbols Y2K... in 2019? Withdrew when Jimmy met up with Heath Christian apologetics regarding the killing of innocent children during the Genesis flood How does 'AND' distribute over 'OR' (Set Theory)? Ex-contractor published company source code and secrets online how to differentiate when a child lwc component is called twice in parent component? Infeasibility in mathematical optimization models How is this kind of structure made? Plausibility of Ice Eaters in the Arctic Tikzpicture - finish drawing a curved line for a cake slice Why is transplanting a specific intact brain impossible if it is generally possible? How to create all combinations from a nested list while preserving the structure using R? What should I call bands of armed men in Medieval T
          Read more