[Muscle] PAM and su on Linux

Thu, 02 Sep 2004 07:58:14 -0700 

Now that I have the JCOP cards working. I wanted to get them integrated into the Linux 
environment.
I'm using http://www.strongsec.com/smartcards/howto/html/SmartCard-Login-HOWTO-5.html

First I tried to modify the su command - modifying the "auth" line
---------------
.muscle% more /etc/pam.d/su
#%PAM-1.0
auth       sufficient   /lib/security/$ISA/pam_rootok.so
#was
#auth       required    /lib/security/$ISA/pam_stack.so service=system-auth
auth       required     /lib/security/pam_musclecard.so service=system-auth reader=0
account    required     /lib/security/$ISA/pam_stack.so service=system-auth
password   required     /lib/security/$ISA/pam_stack.so service=system-auth
session    required     /lib/security/$ISA/pam_stack.so service=system-auth
session    optional     /lib/security/$ISA/pam_xauth.so
----------------
I have no idea why the reader=0 is there, but that's what the HOWTO page said to use.

And when I try to "su barnett" without a smartcard in there, it failed:
---------
.muscle% su barnett
su: incorrect password
----------------
Good.
And when I had the card in there, it says:

.muscle% su barnett
->: 00 a4 04 00 06 a0 00 00 00 01 01
<-: 90 00
Welcome
Please enter pin:
pin  = 00000000
 
Random value = 
276c1aa4c4a80d411f0736b54c1aa27c0c84cafb454412fd27eaf74754d9b2cf0fd507a8b2205feb4049d368c97931750f3e32d063df95121a89e33e1630a3c824e4fae2645ce224fd493c4f70f7ce654f6096af1541862cb09ffdbbb7665339e9730960927e2f744366ec4eaa05c5011e88a94ae8e6f687cc4def8e63db9a60
 
->: [INS_VERIFY_PIN] b0 42 01 00 08 30 30 30 30 30 30 30 30
<-: 90 00
->: [INS_COMPUTE_CRYPT] b0 36 00 01 05 00 03 01 00 00
<-: 9c 10
su: incorrect password
--------------------------


I exported my public key,   and stored it in ~/.muscle/user.cert

The system log file says:
Sep  2 10:42:34 grymoire su: musclecard error: Internal Error
Sep  2 10:42:37 grymoire su: musclecard error: Internal Error
Sep  2 10:42:46 grymoire su: musclecard error: Unknown SW: 9C10
Sep  2 10:50:19 grymoire su: musclecard error: Internal Error


Any suggestions? 
_______________________________________________
Muscle mailing list
[EMAIL PROTECTED]
http://lists.drizzle.com/mailman/listinfo/muscle

Reply via email to