Description of problem: Trying to login to the HE VM graphical console, spice or VNC, the user receives a: ERROR:pam_pkcs11,c:318 load_pkcs11_module() failed: as soon as he type something at the login prompt. This doesn't happen connecting over SSH to the same VM. This happens in FIPS but also not in FIPS mode. Version-Release number of selected component (if applicable): 4.3 June 05 ova appliance How reproducible: ? Steps to Reproduce: 1. deploy HE 2. try to login to the engine VM via VNC or SPICE console 3. Actual results: ERROR:pam_pkcs11,c:318 load_pkcs11_module() failed: Expected results: No PAM errors Additional info:
Created attachment 1600657 [details] issue
Additional info: it shows a red error line but with the right login and the right password the user can still successfully login. pam_pkcs11.x86_64 0.6.2-30.el7 is installed on the engine VM.
On journalctl: ago 05 18:18:58 enginevm.localdomain login[14587]: pam_pkcs11(login:auth): load_pkcs11_module() failed: ago 05 18:19:02 enginevm.localdomain systemd-logind[1436]: New session 87 of user root. ago 05 18:19:02 enginevm.localdomain systemd[1]: Started Session 87 of user root. ago 05 18:19:02 enginevm.localdomain login[14587]: pam_unix(login:session): session opened for user root by LOGIN(uid=0) ago 05 18:19:02 enginevm.localdomain login[14587]: ROOT LOGIN ON tty1
Tried it on an HE with ovirt-engine-4.3.6.5-0.1 and was able to log in succesfully without any PAM error, therefore verified.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2019:3035