Hi

I have the same problem now. Do you have a solution
for the problem?

You wrote:
**********
As I wrote, the login using pam_pkcs11 and xdm works
fine. However su and login will not bring me a
shell...

I added partial ps axf output and the debug log of the
module. Maybe someone could explain what's going on
there?

TIA

with /etc/pam.d/su: auth sufficient pam_unix2.so
nullok #debug pkcs11_module=/usr/lib/libaetpkss.so

 1751 ?        S      0:00 login -- luser
 2043 tty3     S      0:00  \_ -bash
 2072 tty3     S      0:00      \_ su
 2074 tty3     S      0:00          \_ bash

with /etc/pam.d/su: auth sufficient pam_pkcs11.so
nullok debug pkcs11_module=/usr/lib/libaetpkss.so

 1751 ?        S      0:00 login -- luser
 2043 tty3     S      0:00  \_ -bash
 2105 tty3     S      0:00      \_ su
 2106 tty3     S      0:00          \_ su

Debuglog of the pam-module:

[EMAIL PROTECTED]:~> su
DEBUG:pam_pkcs11.c:131: parsing 3 arguments
DEBUG:pam_pkcs11.c:133: argv[0] = [nullok]
DEBUG:pam_pkcs11.c:133: argv[1] = [debug]
DEBUG:pam_pkcs11.c:133: argv[2] =
[pkcs11_module=/usr/lib/libaetpkss.so]
DEBUG:pam_pkcs11.c:167: username = [root]
DEBUG:pam_pkcs11.c:170: loading pkcs #11 module...
DEBUG:pkcs11.c:37: PKCS #11 module =
[/usr/lib/libaetpkss.so]
DEBUG:pkcs11.c:47: module permissions: uid = 0, gid =
0, mode = 755
DEBUG:pkcs11.c:55: loading module
DEBUG:pkcs11.c:62: getting function list
DEBUG:pam_pkcs11.c:179: initialising pkcs #11
module...
DEBUG:pkcs11.c:95: module information:
DEBUG:pkcs11.c:96: - version: 2.11
DEBUG:pkcs11.c:97: - manufacturer: A.E.T. Europe B.V.
DEBUG:pkcs11.c:98: - flags: 0000
DEBUG:pkcs11.c:99: - library description:
Cryptographic Token Interface
DEBUG:pkcs11.c:100: - library version: 1.9
DEBUG:pkcs11.c:107: number of slots (a): 1
DEBUG:pkcs11.c:130: number of slots (b): 1
DEBUG:pkcs11.c:136: slot 1:
DEBUG:pkcs11.c:144: - description: GemPC430 0 0
DEBUG:pkcs11.c:145: - manufacturer:
DEBUG:pkcs11.c:146: - flags: 0007
DEBUG:pkcs11.c:148: - token:
DEBUG:pkcs11.c:155:   - label: StarcosSPK23
DEBUG:pkcs11.c:156:   - manufacturer: A.E.T. Europe
B.V.
DEBUG:pkcs11.c:157:   - model: 23840D07030700C0
DEBUG:pkcs11.c:158:   - serial: 5190191300131033
DEBUG:pkcs11.c:159:   - flags: 040d
DEBUG:pam_pkcs11.c:190: using the first slot with an
available token
DEBUG:pkcs11.c:187: opening a new PKCS #11 session for
slot 1
Password for token StarcosSPK23:
DEBUG:pam_pkcs11.c:223: password = [xxxx]
DEBUG:pkcs11.c:205: login as user CKU_USER
DEBUG:pkcs11.c:359: private key found
DEBUG:pkcs11.c:388: saving private key #1:
DEBUG:pkcs11.c:390: - type: 00
DEBUG:pkcs11.c:391: - id:   e9
DEBUG:pkcs11.c:267: searching certificate for key #1
DEBUG:pkcs11.c:283: X.509 certificate found
DEBUG:pkcs11.c:310: saving certificate #1:
DEBUG:pkcs11.c:312: - subject:    /C=DE/CN=gregor,
[EMAIL PROTECTED]
DEBUG:pkcs11.c:313: - issuer:     /C=DE/CN=gregor,
[EMAIL PROTECTED]
DEBUG:pkcs11.c:314: - algorith:   rsaEncryption
DEBUG:pam_pkcs11.c:270: verifing the certificate for
the key #1
DEBUG:cert.c:301: adding ca certificate lookup dir
/etc/pkcs11/cacerts/
DEBUG:cert.c:316: adding crl lookup dir
/etc/pkcs11/crls/
DEBUG:cert.c:193: crl policy: 0
DEBUG:cert.c:196: no revocation-check performed
DEBUG:cert.c:357: certificate has not been revoked
DEBUG:cert.c:472: comparing common name
DEBUG:cert.c:413: CN = [gregor, [EMAIL PROTECTED]
DEBUG:cert.c:481: comparing unique identifier
DEBUG:cert.c:496: camparing subject alternative names
DEBUG:cert.c:530: comparing subject with mapping-file
DEBUG:cert.c:430: searching mapping for user [root]
and subject [/C=DE/CN=gregor, [EMAIL PROTECTED]
DEBUG:cert.c:450: [/C=DE/CN=gregor,
[EMAIL PROTECTED] -> [luser]
DEBUG:cert.c:450: [/C=DE/CN=gregor,
[EMAIL PROTECTED] -> [root]
DEBUG:cert.c:452: mapping found!
DEBUG:cert.c:537: certificate matches the user
DEBUG:pam_pkcs11.c:294: certificate is valid and
matches the user
DEBUG:pkcs11.c:470: reading 128 random bytes from
/dev/urandom
DEBUG:pkcs11.c:489: random-value[128] =
[dc:8c:90:...:03]
DEBUG:pkcs11.c:431: hash[35] = [...:26:25:7e:...:8b]
DEBUG:pkcs11.c:461: signature[128] = [5e:04:12:...:85]
DEBUG:pam_pkcs11.c:328: verifying signature...
DEBUG:cert.c:384: signature is valid
DEBUG:pkcs11.c:219: logout user
DEBUG:pkcs11.c:225: closing the PKCS #11 session
DEBUG:pkcs11.c:231: releasing keys and certificates
DEBUG:pam_pkcs11.c:351: releasing pkcs #11 module...
DEBUG:pam_pkcs11.c:354: authentication succeeded

(... nothing happens, no bash...)
^C
[EMAIL PROTECTED]:~>
**************


        

        
                