-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Subject: libpam-p11: it works for me...
Followup-For: Bug #347957
Package: libpam-p11
Version: 0.1.2-2
i just did a bit of testing (moved a workstation to pam-p11 today,
from pam-opensc), and i can't duplicate this error.
Are you sure that your card hasn't been blocked by too many failed PIN
attempts?
i've locked myself out of a cryptoFlex eGate smartcard before by
deliberately giving it the wrong password many times in a row (usually
while testing PAM behavior in various clients). When a card gets
locked like this, i see exactly the message the Rene reports:
sec.c:204:sc_pin_cmd: returning with: Authentication method blocked
if you had set a PUK (PIN Unblocking Key) on that auth-id, you should
be able to remove the Authentication Block with
pkcs15-tool --unblock-pin -a 1
(replace '1' with whichever auth-id you were using). Otherwise, from
what i can tell, you'll probably need to reset the card.
- From what i've read, multiple failures (10+?) of the PUK may
permanently disable the card, though, so be careful.
Here's me logging into my workstation with libpam-p11-opensc:
- ------------------------------------------------------
Debian GNU/Linux testing/unstable squeak tty1
squeak login: dkg
Password for token OpenSC Card (dkg):
Last login: Mon Jan 30 21:51:12 2006 on tty1
Linux squeak 2.6.12-1-686 #1 Tue Sep 27 12:52:50 JST 2005 i686 GNU/Linux
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
No mail.
[EMAIL PROTECTED] ~]$
- ------------------------------------------------------
and /etc/pam.d/common-auth just has the following line:
auth required pam_p11_opensc.so /usr/lib/pkcs11/opensc-pkcs11.so
note that a couple posts [0] on the opensc-user mailing list talk
about possible reasons that an Authentication Block like this might
happen...
Hope this helps move along the diagnosis here. it'd be nice to see
this package move into testing, if this bug is actually not due to the
software, but just to Rene's card itself.
Regards,
--dkg
[0] http://www.opensc-project.org/pipermail/opensc-user/2005-July/000249.html
http://www.opensc-project.org/pipermail/opensc-user/2005-July/000250.html
- -- System Information:
Debian Release: testing/unstable
APT prefers testing
APT policy: (700, 'testing'), (700, 'stable'), (600, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.12-1-686
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)
Versions of packages libpam-p11 depends on:
ii libc6 2.3.5-8 GNU C Library: Shared libraries an
ii libp11-0 0.2.1-2 pkcs#11 convenience library
ii libpam0g 0.79-3 Pluggable Authentication Modules l
ii libssl0.9.8 0.9.8a-6 SSL shared libraries
libpam-p11 recommends no packages.
- -- no debconf information
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Processed by Mailcrypt 3.5.8+ <http://mailcrypt.sourceforge.net/>
iD8DBQFD3t44iXTlFKVLY2URAuh/AKC6YdSCrCBYjxBERq6V2QVe/MPCzgCgzmOJ
291czXBV2fysNDA+Rgva4bg=
=yd4f
-----END PGP SIGNATURE-----
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
