162519 – Problems with xscreensaver and pam_opensc

Bug 162519 - Problems with xscreensaver and pam_opensc

Summary: Problems with xscreensaver and pam_opensc

Keywords:
Status:	CLOSED WONTFIX
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	opensc
Sub Component:
Version:	rawhide
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Ville Skyttä
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2005-07-05 19:32 UTC by Andreas Thienemann
Modified:	2007-11-30 22:11 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2007-01-19 18:29:58 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Andreas Thienemann 2005-07-05 19:32:58 UTC

There seems to be a problem with xscreensaver and pam_opensc-0.9.6-2.

I'm using pam_opensc for required authentication on a system here, which works
fine. The pam.d/system-auth has the following line:
auth        sufficient    /lib/security/$ISA/pam_opensc.so

This works for everything from login, to gdm. Only xscreensaver seems to have
problems with this pam_module and won't unlock a screen:

Jul  5 21:28:28 bofh xscreensaver(pam_opensc)[4103]: username [andreas] obtained
Jul  5 21:28:28 bofh xscreensaver(pam_opensc)[4103]: get_certificate failed.
Jul  5 21:28:28 bofh xscreensaver(pam_opensc)[4103]: Authentication failed for
andreas at :0.0.
Jul  5 21:28:32 bofh xscreensaver(pam_opensc)[4103]: username [root] obtained
Jul  5 21:28:32 bofh xscreensaver(pam_opensc)[4103]: Authentication failed for
root at :0.0.
Jul  5 21:28:32 bofh xscreensaver[4103]: FAILED LOGIN 1 ON DISPLAY ":0.0", FOR
"andreas"


adding the parameters debug and audit to the pam_opensc module does
unfortunately not result in further logging.


On a related note: You should request pam_opensc being added to bugzilla as
well. It's a single package.

Comment 1 Ville Skyttä 2005-07-05 20:33:36 UTC

Only source rpm names are Bugzilla components, and pam_opensc one is built 
from the opensc source rpm. 
 
Regarding the problem, I'm not able to test that right now, but a WAG: is 
there by chance traces of anything related in your /var/log/audit/audit.log?

Comment 2 Ville Skyttä 2005-07-05 20:55:08 UTC

Forgot to mention that in case this turns out to be a bug in pam_opensc, not 
the packaging, our chances of getting upstream help to fix it are kind of 
thin; it looks pretty strongly like they're dropping pam_opensc from the next 
release. 
 
The replacement will probably be pam_pkcs11 which is currently separately 
maintained by separate upstreams; I have a package of an oldish version of it, 
which I'll update and push to Extras if that's the way it'll be.  And that'd 
be a bit painful upgrade :(

Comment 3 Andreas Thienemann 2005-07-05 21:16:09 UTC

Nothing in the audit-log.

Sucks...

Comment 4 Christian Iseli 2007-01-19 07:21:56 UTC

This bug hasn't been updated in a long time and targets FE devel.
Could you please check that it still occurs with current FE devel and update
accordingly ?

Thanks.

Comment 5 Ville Skyttä 2007-01-19 18:29:58 UTC

pam_opensc was dropped by upstream in opensc 0.10.0 (maps to FE5+).  I gather
pam_pkcs11 should be used nowadays instead.

Note You need to log in before you can comment on or make changes to this bug.