Red Hat Bugzilla – Bug 162519
Problems with xscreensaver and pam_opensc
Last modified: 2007-11-30 17:11:09 EST
There seems to be a problem with xscreensaver and pam_opensc-0.9.6-2.
I'm using pam_opensc for required authentication on a system here, which works
fine. The pam.d/system-auth has the following line:
auth sufficient /lib/security/$ISA/pam_opensc.so
This works for everything from login, to gdm. Only xscreensaver seems to have
problems with this pam_module and won't unlock a screen:
Jul 5 21:28:28 bofh xscreensaver(pam_opensc): username [andreas] obtained
Jul 5 21:28:28 bofh xscreensaver(pam_opensc): get_certificate failed.
Jul 5 21:28:28 bofh xscreensaver(pam_opensc): Authentication failed for
andreas at :0.0.
Jul 5 21:28:32 bofh xscreensaver(pam_opensc): username [root] obtained
Jul 5 21:28:32 bofh xscreensaver(pam_opensc): Authentication failed for
root at :0.0.
Jul 5 21:28:32 bofh xscreensaver: FAILED LOGIN 1 ON DISPLAY ":0.0", FOR
adding the parameters debug and audit to the pam_opensc module does
unfortunately not result in further logging.
On a related note: You should request pam_opensc being added to bugzilla as
well. It's a single package.
Only source rpm names are Bugzilla components, and pam_opensc one is built
from the opensc source rpm.
Regarding the problem, I'm not able to test that right now, but a WAG: is
there by chance traces of anything related in your /var/log/audit/audit.log?
Forgot to mention that in case this turns out to be a bug in pam_opensc, not
the packaging, our chances of getting upstream help to fix it are kind of
thin; it looks pretty strongly like they're dropping pam_opensc from the next
The replacement will probably be pam_pkcs11 which is currently separately
maintained by separate upstreams; I have a package of an oldish version of it,
which I'll update and push to Extras if that's the way it'll be. And that'd
be a bit painful upgrade :(
Nothing in the audit-log.
This bug hasn't been updated in a long time and targets FE devel.
Could you please check that it still occurs with current FE devel and update
pam_opensc was dropped by upstream in opensc 0.10.0 (maps to FE5+). I gather
pam_pkcs11 should be used nowadays instead.