Hello,

I saw this thread and also remembered having talked to Peter Bauer about
using the eTokens under Linux.
If you are using the Aladdin middleware, you do not need the event
manager. The events are handled by the etokend and udev.
You just need to configure udev for the etoken.

Kind regards
Cornelius Kölbel

Hans Rembeck wrote:
> Hello
> 
> When I am using the PKCS#11 Event Manager and insert an etoken into USB,
> there is no verification.
> It means that when I remove etoken A and insert etoken B, never mind.
>  
> the /var/log/auth.log is:
> May 7 13:01:19 lux0 PAM-PKCS11[15302]: open_pkcs11_login() failed:
>   C_Login() failed: a0
> May 7 13:01:19 lux0 PAM-PKCS11[15302]: (pam_unix) authentication
> failure; logname= uid=4082 euid=4082 tty=:0 ruser= rhost= user=xxx
> May 7 13:01:19 lux0 kcheckpass[15302]: Authentication failure for xxx
> (invoked by uid 4082)
> May 7 13:01:20 lux0 PAM-PKCS11[15311]: open_pkcs11_login() failed:
> C_Login() failed: a0
> May 7 13:01:20 lux0 PAM-PKCS11[15311]: (pam_unix) authentication
> failure; logname= uid=4082 euid=4082 tty=:0 ruser= rhost= user=xxx
> May 7 13:01:20 lux0 kcheckpass[15311]: Authentication failure for xxxx
> (invoked by uid 4082)
> 
> xxx is the username of the etoken
> 
> the Attachment is the /etc/pam_pkcs11/pkcs11_eventmgr.conf
> 
> What do I have to do to verify the etoken against the logged-in user?
> 
> thanks
> 
> Hans Rembeck
> 
> 
> 
> 
> ------------------------------------------------------------------------
> 
> #Sample pkcs11_eventmgr configuration file
> #
> pkcs11_eventmgr {
> 
>       # Run in background? Implies debug=false if true
>       daemon = true;
> 
>       # show debug messages?
>       debug = true;
>       
>       # polling time in seconds
>       polling_time = 1;
> 
>       # expire time in seconds
>       # default = 0 (no expire)
>       expire_time = 0;
>       
>       # pkcs11 module to use
>       #pkcs11_module = /usr/lib/opensc-pkcs11.so;
>       pkcs11_module = /usr/local/lib/libetpkcs11.so;
>       #pkcs11_module = /lib/security/pam_pkcs11.so;
>       
>       #
>       # list of events and actions
> 
>       # Card inserted
>       event card_insert {
>               # what to do if an action fail?
>               # ignore  : continue to next action
>               # return  : end action sequence
>               # quit    : end program
>               on_error = ignore ;
> 
>               # You can enter several, comma-separated action entries
>               # they will be executed in turn
>               action = "echo " ", 
>               "/usr/bin/killall kdesktop_lock";
>       }
> 
>       # Card has been removed
>       event card_remove { 
>               on_error = ignore;
>               action = "/usr/bin/kdesktop_lock --forcelock";
> 
>       }
> 
>       # Too much time card removed
>       event expire_time { 
>               on_error = ignore;
>               action = "/bin/false";
>       }
> }
> 
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> opensc-devel mailing list
> opensc-devel@lists.opensc-project.org
> http://www.opensc-project.org/mailman/listinfo/opensc-devel


--
Cornelius Kölbel (Senior Security Consultant), http://www.lsexperts.de
LSE Leading Security Experts GmbH, Postfach 100121, 64201 Darmstadt
Tel: +49 6151 9067-252, Fax: -299, Mobile: +49 160 96307089
Registered office: Weiterstadt, Darmstadt district court: HRB8649
Managing directors: Oliver Michel, Sven Walther
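
Decoding the `C_Login() failed: a0` entries from the quoted auth.log, as an added example that is not part of the original thread: the value is the PKCS#11 return code, and 0xA0 is CKR_PIN_INCORRECT. The sample lines are constructed, the function names are hypothetical, and the code assumes the value is logged in hex as shown in the mail.

```python
import re
from collections import Counter

# PKCS#11 (Cryptoki) return codes relevant to C_Login, from pkcs11t.h.
CKR = {
    0x000000A0: "CKR_PIN_INCORRECT",
    0x000000A1: "CKR_PIN_INVALID",
    0x000000A2: "CKR_PIN_LEN_RANGE",
    0x000000A3: "CKR_PIN_EXPIRED",
    0x000000A4: "CKR_PIN_LOCKED",
    0x000000E0: "CKR_TOKEN_NOT_PRESENT",
    0x000000E1: "CKR_TOKEN_NOT_RECOGNIZED",
    0x00000100: "CKR_USER_ALREADY_LOGGED_IN",
    0x00000102: "CKR_USER_PIN_NOT_INITIALIZED",
}

# Constructed sample modelled on the quoted auth.log (first entry wrapped as in the mail).
SAMPLE = """\
May 7 13:01:19 lux0 PAM-PKCS11[15302]: open_pkcs11_login() failed:
  C_Login() failed: a0
May 7 13:01:19 lux0 kcheckpass[15302]: Authentication failure for xxx
May 7 13:01:20 lux0 PAM-PKCS11[15311]: open_pkcs11_login() failed: C_Login() failed: a0
May 7 13:01:25 lux0 PAM-PKCS11[15320]: open_pkcs11_login() failed: C_Login() failed: a4
"""

ENTRY_START = re.compile(r"^[A-Z][a-z]{2}\s+\d+\s+\d\d:\d\d:\d\d\s")
LOGIN_FAIL = re.compile(r"PAM-PKCS11\[(\d+)\]:.*C_Login\(\) failed: ([0-9a-fA-F]+)")

def join_wrapped(text):
    """Re-join continuation lines: anything not starting with a syslog timestamp."""
    entries = []
    for line in text.splitlines():
        if ENTRY_START.match(line) or not entries:
            entries.append(line.strip())
        else:
            entries[-1] += " " + line.strip()
    return entries

def login_failures(text):
    """Return (pid, code, name) for every C_Login failure, assuming a hex code."""
    out = []
    for entry in join_wrapped(text):
        m = LOGIN_FAIL.search(entry)
        if m:
            code = int(m.group(2), 16)
            out.append((int(m.group(1)), code, CKR.get(code, "unknown")))
    return out

def summary(text):
    """Count failures per return-code name; repeated PIN errors precede CKR_PIN_LOCKED."""
    return Counter(name for _, _, name in login_failures(text))
```
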