-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Subject: libpam-p11: it works for me... Followup-For: Bug #347957 Package: libpam-p11 Version: 0.1.2-2
i just did a bit of testing (moved a workstation to pam-p11 today, from pam-opensc), and i can't duplicate this error. Are you sure that your card hasn't been blocked by too many failed PIN attempts? i've locked myself out of a cryptoFlex eGate smartcard before by deliberately giving it the wrong password many times in a row (usually while testing PAM behavior in various clients). When a card gets locked like this, i see exactly the message the Rene reports: sec.c:204:sc_pin_cmd: returning with: Authentication method blocked if you had set a PUK (PIN Unblocking Key) on that auth-id, you should be able to remove the Authentication Block with pkcs15-tool --unblock-pin -a 1 (replace '1' with whichever auth-id you were using). Otherwise, from what i can tell, you'll probably need to reset the card. - From what i've read, multiple failures (10+?) of the PUK may permanently disable the card, though, so be careful. Here's me logging into my workstation with libpam-p11-opensc: - ------------------------------------------------------ Debian GNU/Linux testing/unstable squeak tty1 squeak login: dkg Password for token OpenSC Card (dkg): Last login: Mon Jan 30 21:51:12 2006 on tty1 Linux squeak 2.6.12-1-686 #1 Tue Sep 27 12:52:50 JST 2005 i686 GNU/Linux The programs included with the Debian GNU/Linux system are free software; the exact distribution terms for each program are described in the individual files in /usr/share/doc/*/copyright. Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law. No mail. [EMAIL PROTECTED] ~]$ - ------------------------------------------------------ and /etc/pam.d/common-auth just has the following line: auth required pam_p11_opensc.so /usr/lib/pkcs11/opensc-pkcs11.so note that a couple posts [0] on the opensc-user mailing list talk about possible reasons that an Authentication Block like this might happen... Hope this helps move along the diagnosis here. it'd be nice to see this package move into testing, if this bug is actually not due to the software, but just to Rene's card itself. Regards, --dkg [0] http://www.opensc-project.org/pipermail/opensc-user/2005-July/000249.html http://www.opensc-project.org/pipermail/opensc-user/2005-July/000250.html - -- System Information: Debian Release: testing/unstable APT prefers testing APT policy: (700, 'testing'), (700, 'stable'), (600, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.12-1-686 Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1) Versions of packages libpam-p11 depends on: ii libc6 2.3.5-8 GNU C Library: Shared libraries an ii libp11-0 0.2.1-2 pkcs#11 convenience library ii libpam0g 0.79-3 Pluggable Authentication Modules l ii libssl0.9.8 0.9.8a-6 SSL shared libraries libpam-p11 recommends no packages. - -- no debconf information -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Processed by Mailcrypt 3.5.8+ <http://mailcrypt.sourceforge.net/> iD8DBQFD3t44iXTlFKVLY2URAuh/AKC6YdSCrCBYjxBERq6V2QVe/MPCzgCgzmOJ 291czXBV2fysNDA+Rgva4bg= =yd4f -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]