Re: No PIN asked for with libpam-poldi

Wed, 12 Nov 2025 13:09:10 -0800

I managed to get some logs from gpg-agent. No sure how to interpret this however. No obvious error I can spot (but I don't know what to look for):
2025-11-12 21:59:02 gpg-agent[15833] gpg-agent (GnuPG) 2.4.4 starting in supervised mode. 2025-11-12 21:59:02 gpg-agent[15833] using fd 3 for std socket (/run/user/1000/gnupg/S.gpg-agent) 2025-11-12 21:59:02 gpg-agent[15833] using fd 4 for extra socket (/run/user/1000/gnupg/S.gpg-agent.extra) 2025-11-12 21:59:02 gpg-agent[15833] using fd 5 for ssh socket (/run/user/1000/gnupg/S.gpg-agent.ssh) 2025-11-12 21:59:02 gpg-agent[15833] using fd 6 for browser socket (/run/user/1000/gnupg/S.gpg-agent.browser) 2025-11-12 21:59:02 gpg-agent[15833] listening on: std=3 extra=4 browser=6 ssh=5 2025-11-12 21:59:02 gpg-agent[15833] DBG: chan_12 -> OK Pleased to meet you, process 15832 
2025-11-12 21:59:02 gpg-agent[15833] DBG: chan_12 <- RESET
2025-11-12 21:59:02 gpg-agent[15833] DBG: chan_12 -> OK
2025-11-12 21:59:02 gpg-agent[15833] DBG: chan_12 <- OPTION ttyname=/dev/pts/4 
2025-11-12 21:59:02 gpg-agent[15833] DBG: chan_12 -> OK
2025-11-12 21:59:02 gpg-agent[15833] DBG: chan_12 <- OPTION ttytype=xterm-256color 
2025-11-12 21:59:02 gpg-agent[15833] DBG: chan_12 -> OK
2025-11-12 21:59:02 gpg-agent[15833] DBG: chan_12 <- OPTION display=:0
2025-11-12 21:59:02 gpg-agent[15833] DBG: chan_12 -> OK
2025-11-12 21:59:02 gpg-agent[15833] DBG: chan_12 <- OPTION xauthority=/run/user/1000/xauth_uyqgiW 
2025-11-12 21:59:02 gpg-agent[15833] DBG: chan_12 -> OK
2025-11-12 21:59:02 gpg-agent[15833] DBG: chan_12 <- OPTION putenv=WAYLAND_DISPLAY=wayland-0 
2025-11-12 21:59:02 gpg-agent[15833] DBG: chan_12 -> OK
2025-11-12 21:59:02 gpg-agent[15833] DBG: chan_12 <- OPTION putenv=XDG_SESSION_TYPE=wayland 
2025-11-12 21:59:02 gpg-agent[15833] DBG: chan_12 -> OK
2025-11-12 21:59:02 gpg-agent[15833] DBG: chan_12 <- OPTION putenv=DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/1000/bus 
2025-11-12 21:59:02 gpg-agent[15833] DBG: chan_12 -> OK
2025-11-12 21:59:02 gpg-agent[15833] DBG: chan_12 <- OPTION lc-ctype=fr_FR.UTF-8 
2025-11-12 21:59:02 gpg-agent[15833] DBG: chan_12 -> OK
2025-11-12 21:59:02 gpg-agent[15833] DBG: chan_12 <- OPTION lc-messages=fr_FR.UTF-8 
2025-11-12 21:59:02 gpg-agent[15833] DBG: chan_12 -> OK
2025-11-12 21:59:02 gpg-agent[15833] DBG: chan_12 <- [eof]
2025-11-12 21:59:54 gpg-agent[15833] DBG: chan_12 -> OK Pleased to meet you, process 15998 
2025-11-12 21:59:54 gpg-agent[15833] DBG: chan_12 <- SCD GETINFO socket_name
2025-11-12 21:59:54 gpg-agent[15833] no running /usr/lib/gnupg/scdaemon daemon - starting it 
2025-11-12 21:59:54 gpg-agent[15833] DBG: agent_flush_cache (pincache only)
2025-11-12 21:59:54 gpg-agent[15833] DBG: chan_13 <- OK GNU Privacy Guard's Smartcard server ready 2025-11-12 21:59:54 gpg-agent[15833] first connection to daemon /usr/lib/gnupg/scdaemon established 
2025-11-12 21:59:54 gpg-agent[15833] DBG: chan_13 -> GETINFO socket_name
2025-11-12 21:59:54 gpg-agent[15833] DBG: chan_13 <- D /run/user/1000/gnupg/S.scdaemon 
2025-11-12 21:59:54 gpg-agent[15833] DBG: chan_13 <- OK
2025-11-12 21:59:54 gpg-agent[15833] DBG: additional connections at '/run/user/1000/gnupg/S.scdaemon' 
2025-11-12 21:59:54 gpg-agent[15833] DBG: chan_13 -> OPTION event-signal=12
2025-11-12 21:59:54 gpg-agent[15833] DBG: chan_13 <- OK
2025-11-12 21:59:54 gpg-agent[15833] DBG: chan_13 -> GETINFO socket_name
2025-11-12 21:59:54 gpg-agent[15833] DBG: chan_13 <- D /run/user/1000/gnupg/S.scdaemon 
2025-11-12 21:59:54 gpg-agent[15833] DBG: chan_13 <- OK
2025-11-12 21:59:54 gpg-agent[15833] DBG: chan_12 -> D /run/user/1000/gnupg/S.scdaemon 
2025-11-12 21:59:54 gpg-agent[15833] DBG: chan_12 -> OK
2025-11-12 21:59:54 gpg-agent[15833] DBG: chan_12 <- BYE
2025-11-12 21:59:54 gpg-agent[15833] DBG: chan_12 -> OK closing connection
2025-11-12 21:59:54 gpg-agent[15833] DBG: chan_13 -> RESTART
2025-11-12 21:59:54 gpg-agent[15833] DBG: chan_13 <- OK
2025-11-12 22:00:18 gpg-agent[15833] DBG: chan_12 -> OK Pleased to meet you, process 16050 
2025-11-12 22:00:18 gpg-agent[15833] DBG: chan_12 <- RESET
2025-11-12 22:00:18 gpg-agent[15833] DBG: chan_12 -> OK
2025-11-12 22:00:18 gpg-agent[15833] DBG: chan_12 <- OPTION ttytype=xterm-256color 
2025-11-12 22:00:18 gpg-agent[15833] DBG: chan_12 -> OK
2025-11-12 22:00:18 gpg-agent[15833] DBG: chan_12 <- OPTION display=:0
2025-11-12 22:00:18 gpg-agent[15833] DBG: chan_12 -> OK
2025-11-12 22:00:18 gpg-agent[15833] DBG: chan_12 <- OPTION xauthority=/run/user/1000/xauth_uyqgiW 
2025-11-12 22:00:18 gpg-agent[15833] DBG: chan_12 -> OK
2025-11-12 22:00:18 gpg-agent[15833] DBG: chan_12 <- OPTION putenv=WAYLAND_DISPLAY=wayland-0 
2025-11-12 22:00:18 gpg-agent[15833] DBG: chan_12 -> OK
2025-11-12 22:00:18 gpg-agent[15833] DBG: chan_12 <- OPTION putenv=XDG_SESSION_TYPE=wayland 
2025-11-12 22:00:18 gpg-agent[15833] DBG: chan_12 -> OK
2025-11-12 22:00:18 gpg-agent[15833] DBG: chan_12 <- OPTION putenv=DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/1000/bus 
2025-11-12 22:00:18 gpg-agent[15833] DBG: chan_12 -> OK
2025-11-12 22:00:18 gpg-agent[15833] DBG: chan_12 <- KILLAGENT
2025-11-12 22:00:18 gpg-agent[15833] DBG: chan_12 -> OK closing connection
2025-11-12 22:00:18 gpg-agent[15833] random usage: poolsize=600 mixed=0 polls=0/0 added=0/0 
              outmix=0 getlvl1=0/0 getlvl2=0/0
2025-11-12 22:00:18 gpg-agent[15833] rndjent stat: collector=0x0000000000000000 calls=0 bytes=0 
2025-11-12 22:00:18 gpg-agent[15833] secmem usage: 0/65536 bytes in 0 blocks
2025-11-12 22:00:22 gpg-agent[16056] gpg-agent (GnuPG) 2.4.4 starting in supervised mode. 2025-11-12 22:00:22 gpg-agent[16056] using fd 3 for std socket (/run/user/1000/gnupg/S.gpg-agent) 2025-11-12 22:00:22 gpg-agent[16056] using fd 4 for extra socket (/run/user/1000/gnupg/S.gpg-agent.extra) 2025-11-12 22:00:22 gpg-agent[16056] using fd 5 for ssh socket (/run/user/1000/gnupg/S.gpg-agent.ssh) 2025-11-12 22:00:22 gpg-agent[16056] using fd 6 for browser socket (/run/user/1000/gnupg/S.gpg-agent.browser) 2025-11-12 22:00:22 gpg-agent[16056] listening on: std=3 extra=4 browser=6 ssh=5 2025-11-12 22:00:22 gpg-agent[16056] DBG: chan_12 -> OK Pleased to meet you, process 16055 
2025-11-12 22:00:22 gpg-agent[16056] DBG: chan_12 <- RESET
2025-11-12 22:00:22 gpg-agent[16056] DBG: chan_12 -> OK
2025-11-12 22:00:22 gpg-agent[16056] DBG: chan_12 <- OPTION ttyname=/dev/pts/4 
2025-11-12 22:00:22 gpg-agent[16056] DBG: chan_12 -> OK
2025-11-12 22:00:22 gpg-agent[16056] DBG: chan_12 <- OPTION ttytype=xterm-256color 
2025-11-12 22:00:22 gpg-agent[16056] DBG: chan_12 -> OK
2025-11-12 22:00:22 gpg-agent[16056] DBG: chan_12 <- OPTION display=:0
2025-11-12 22:00:22 gpg-agent[16056] DBG: chan_12 -> OK
2025-11-12 22:00:22 gpg-agent[16056] DBG: chan_12 <- OPTION xauthority=/run/user/1000/xauth_uyqgiW 
2025-11-12 22:00:22 gpg-agent[16056] DBG: chan_12 -> OK
2025-11-12 22:00:22 gpg-agent[16056] DBG: chan_12 <- OPTION putenv=WAYLAND_DISPLAY=wayland-0 
2025-11-12 22:00:22 gpg-agent[16056] DBG: chan_12 -> OK
2025-11-12 22:00:22 gpg-agent[16056] DBG: chan_12 <- OPTION putenv=XDG_SESSION_TYPE=wayland 
2025-11-12 22:00:22 gpg-agent[16056] DBG: chan_12 -> OK
2025-11-12 22:00:22 gpg-agent[16056] DBG: chan_12 <- OPTION putenv=DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/1000/bus 
2025-11-12 22:00:22 gpg-agent[16056] DBG: chan_12 -> OK
2025-11-12 22:00:22 gpg-agent[16056] DBG: chan_12 <- OPTION lc-ctype=fr_FR.UTF-8 
2025-11-12 22:00:22 gpg-agent[16056] DBG: chan_12 -> OK
2025-11-12 22:00:22 gpg-agent[16056] DBG: chan_12 <- OPTION lc-messages=fr_FR.UTF-8 
2025-11-12 22:00:22 gpg-agent[16056] DBG: chan_12 -> OK
2025-11-12 22:00:22 gpg-agent[16056] DBG: chan_12 <- [eof]
2025-11-12 22:00:31 gpg-agent[16056] DBG: chan_12 -> OK Pleased to meet you, process 16072 
2025-11-12 22:00:31 gpg-agent[16056] DBG: chan_12 <- SCD GETINFO socket_name
2025-11-12 22:00:31 gpg-agent[16056] no running /usr/lib/gnupg/scdaemon daemon - starting it 
2025-11-12 22:00:31 gpg-agent[16056] DBG: agent_flush_cache (pincache only)
2025-11-12 22:00:31 gpg-agent[16056] DBG: chan_13 <- OK GNU Privacy Guard's Smartcard server ready 2025-11-12 22:00:31 gpg-agent[16056] first connection to daemon /usr/lib/gnupg/scdaemon established 
2025-11-12 22:00:31 gpg-agent[16056] DBG: chan_13 -> GETINFO socket_name
2025-11-12 22:00:31 gpg-agent[16056] DBG: chan_13 <- D /run/user/1000/gnupg/S.scdaemon 
2025-11-12 22:00:31 gpg-agent[16056] DBG: chan_13 <- OK
2025-11-12 22:00:31 gpg-agent[16056] DBG: additional connections at '/run/user/1000/gnupg/S.scdaemon' 
2025-11-12 22:00:31 gpg-agent[16056] DBG: chan_13 -> OPTION event-signal=12
2025-11-12 22:00:31 gpg-agent[16056] DBG: chan_13 <- OK
2025-11-12 22:00:31 gpg-agent[16056] DBG: chan_13 -> GETINFO socket_name
2025-11-12 22:00:31 gpg-agent[16056] DBG: chan_13 <- D /run/user/1000/gnupg/S.scdaemon 
2025-11-12 22:00:31 gpg-agent[16056] DBG: chan_13 <- OK
2025-11-12 22:00:31 gpg-agent[16056] DBG: chan_12 -> D /run/user/1000/gnupg/S.scdaemon 
2025-11-12 22:00:31 gpg-agent[16056] DBG: chan_12 -> OK
2025-11-12 22:00:31 gpg-agent[16056] DBG: chan_12 <- BYE
2025-11-12 22:00:31 gpg-agent[16056] DBG: chan_12 -> OK closing connection
2025-11-12 22:00:31 gpg-agent[16056] DBG: chan_13 -> RESTART
2025-11-12 22:00:31 gpg-agent[16056] DBG: chan_13 <- OK

Trying to sudo at 22:00:31
Before is just normal gpg-agent start (?).

Any idea ?

Regards,
Franck

Le 07/11/2025 à 18:36, Franck Routier (Personnel) via Gnupg-users a écrit :

Typo? In any case, avoid the weird debug-level setting. Use "debug ipc"
instead. Also set log-file so that the logs don't end up in some random place
(or nowhere).

Yes typo. I removed it alltogether for now:

pinentry-program /usr/bin/pinentry-qt
enable-ssh-support
ttyname $GPG_TTY
default-cache-ttl 60
max-cache-ttl 120


Very likely gpg-agent fails to start pinentry-qt or pinentry-qt fails to start
because there's no window manager running. Try using pinentry-curses or
pinentry-tty instead of pinentry-qt if you are anyway using the terminal.
In fact gpg-agent seems to be able to call pinentry-qt, as when I use pass or browserpass, it works and I get a pretty pinentry window... 

That said, switching to pinentry-tty does not solve the problem with pam.
In fact I can see pinentry-tty working with pass and failing with sudo in the same terminal session: 

$ pass perso/ameli.fr
Please unlock the card
Number: 10 955 601
Holder: Franck Routier
PIN:
*************************
$ sudo su
Insert authentication card for user `franck'
Trying authentication as user `franck'...
[sudo] password for franck:

Franck

_______________________________________________
Gnupg-users mailing list
[email protected]
https://lists.gnupg.org/mailman/listinfo/gnupg-users

_______________________________________________
Gnupg-users mailing list
[email protected]
https://lists.gnupg.org/mailman/listinfo/gnupg-users

Reply via email to