> On 8/6/06, Jan Rottkamp <[EMAIL PROTECTED]> wrote:
> > When using Gnome as GUI, a white screen appears on the monitor with the
> > following output:
> > Enter password to unlock; select icon to lock.
> 
> This is the 'xlock' program.  SRSS uses 'xlock' to lock your screen
> when 'xscreensaver' is unable to lock it.
> 
> > And nothing happens.
> >
> > When using CDE as GUI, after the user inserts the smartcard, the CDE
> dialog
> > appears to unlocking the locked screen with the users' password, but no
> > password will be accept and nothing happens.
> [snip]
> > In the system log I find at this time the line (it is a German system):
> >
> > Aug  7 01:20:12 picasso xlock[15300]: [ID 112702 auth.error]
> pam_smartcard:
> > Unexpected error from SCF_Session_getTerminal: Unbekannter Terminalname
> > (unknown terminal name)
> 
> It looks like the PAM configuration on this machine is broken.
> Please post the contents of /etc/pam.conf from this system.
>

Here is the /etc/pam.conf

#
#ident  "@(#)pam.conf   1.28    04/04/21 SMI"
#
# Copyright 2004 Sun Microsystems, Inc.  All rights reserved.
# Use is subject to license terms.
#
# PAM configuration
#
# Unless explicitly defined, all services use the modules
# defined in the "other" section.
#
# Modules are defined with relative pathnames, i.e., they are
# relative to /usr/lib/security/$ISA. Absolute path names, as
# present in this file in previous releases are still acceptable.
#
# Authentication management
#
# login service (explicit because of pam_dial_auth)
#
login   auth requisite          pam_authtok_get.so.1
login   auth required           pam_dhkeys.so.1
login   auth required           pam_unix_cred.so.1
login   auth required           pam_unix_auth.so.1
login   auth required           pam_dial_auth.so.1
#
# rlogin service (explicit because of pam_rhost_auth)
#
rlogin  auth sufficient         pam_rhosts_auth.so.1
rlogin  auth requisite          pam_authtok_get.so.1
rlogin  auth required           pam_dhkeys.so.1
rlogin  auth required           pam_unix_cred.so.1
rlogin  auth required           pam_unix_auth.so.1
#
# Kerberized rlogin service
#
krlogin auth required           pam_unix_cred.so.1
krlogin auth binding            pam_krb5.so.1
krlogin auth required           pam_unix_auth.so.1
#
# rsh service (explicit because of pam_rhost_auth,
# and pam_unix_auth for meaningful pam_setcred)
#
rsh     auth sufficient         pam_rhosts_auth.so.1
rsh     auth required           pam_unix_cred.so.1
#
# Kerberized rsh service
#
krsh    auth required           pam_unix_cred.so.1
krsh    auth binding            pam_krb5.so.1
krsh    auth required           pam_unix_auth.so.1
#
# Kerberized telnet service
#
ktelnet auth required           pam_unix_cred.so.1
ktelnet auth binding            pam_krb5.so.1
ktelnet auth required           pam_unix_auth.so.1
#
# PPP service (explicit because of pam_dial_auth)
#
ppp     auth requisite          pam_authtok_get.so.1
ppp     auth required           pam_dhkeys.so.1
ppp     auth required           pam_unix_cred.so.1
ppp     auth required           pam_unix_auth.so.1
ppp     auth required           pam_dial_auth.so.1
#
# Default definitions for Authentication management
# Used when service name is not explicitly mentioned for authentication
#
other   auth requisite          pam_authtok_get.so.1
other   auth required           pam_dhkeys.so.1
other   auth required           pam_unix_cred.so.1
other   auth required           pam_unix_auth.so.1
#
# passwd command (explicit because of a different authentication module)
#
passwd  auth required           pam_passwd_auth.so.1
#
# cron service (explicit because of non-usage of pam_roles.so.1)
#
cron    account required        pam_unix_account.so.1
#
# Default definition for Account management
# Used when service name is not explicitly mentioned for account management
#
other   account requisite       pam_roles.so.1
other   account required        pam_unix_account.so.1
#
# Default definition for Session management
# Used when service name is not explicitly mentioned for session management
#
other   session required        pam_unix_session.so.1
#
# Default definition for  Password management
# Used when service name is not explicitly mentioned for password management
#
other   password required       pam_dhkeys.so.1
other   password requisite      pam_authtok_get.so.1
other   password requisite      pam_authtok_check.so.1
other   password required       pam_authtok_store.so.1
#
# Support for Kerberos V5 authentication and example configurations can
# be found in the pam_krb5(5) man page under the "EXAMPLES" section.
#

# dtlogin settings added by /usr/bin/smartcard
dtlogin auth requisite          pam_smartcard.so.1
dtlogin auth requisite          pam_authtok_get.so.1
dtlogin auth required           pam_dhkeys.so.1
dtlogin auth required           pam_unix_cred.so.1
dtlogin auth required           pam_unix_auth.so.1

# dtsession settings added by /usr/bin/smartcard
dtsession       auth requisite          pam_smartcard.so.1
dtsession       auth requisite          pam_authtok_get.so.1
dtsession       auth required           pam_dhkeys.so.1
dtsession       auth required           pam_unix_cred.so.1
dtsession       auth required           pam_unix_auth.so.1

# xlock settings added by /usr/bin/smartcard
xlock   auth requisite          pam_smartcard.so.1
xlock   auth requisite          pam_authtok_get.so.1
xlock   auth required           pam_dhkeys.so.1
xlock   auth required           pam_unix_cred.so.1
xlock   auth required           pam_unix_auth.so.1
# added to xscreensaver by SunRay Server Software -- xscreensaver
xscreensaver    auth requisite          pam_smartcard.so.1
xscreensaver auth sufficient /opt/SUNWut/lib/pam_sunray.so syncondisplay
xscreensaver auth requisite pam_authtok_get.so.1
xscreensaver auth required pam_dhkeys.so.1
xscreensaver auth required pam_unix_cred.so.1
xscreensaver auth required pam_unix_auth.so.1
xscreensaver account requisite pam_roles.so.1
xscreensaver account required pam_unix_account.so.1
xscreensaver session required pam_unix_session.so.1
xscreensaver password required pam_dhkeys.so.1
xscreensaver password requisite pam_authtok_get.so.1
xscreensaver password requisite pam_authtok_check.so.1
xscreensaver password required pam_authtok_store.so.1
# added to dtlogin-SunRay by SunRay Server Software -- dtlogin-SunRay
dtlogin-SunRay auth sufficient /opt/SUNWut/lib/pam_sunray.so
dtlogin-SunRay auth requisite /opt/SUNWut/lib/sunray_get_user.so.1
property=username
dtlogin-SunRay auth required /opt/SUNWut/lib/pam_sunray_amgh.so.1
dtlogin-SunRay auth requisite /opt/SUNWut/lib/sunray_get_user.so.1 prompt
dtlogin-SunRay auth required /opt/SUNWut/lib/pam_sunray_amgh.so.1 clearuser
dtlogin-SunRay auth requisite pam_authtok_get.so.1
dtlogin-SunRay auth required pam_dhkeys.so.1
dtlogin-SunRay auth required pam_unix_cred.so.1
dtlogin-SunRay auth required pam_unix_auth.so.1
dtlogin-SunRay account sufficient /opt/SUNWut/lib/pam_sunray.so
dtlogin-SunRay account requisite pam_roles.so.1
dtlogin-SunRay account required pam_unix_account.so.1
# added to dtsession-SunRay by SunRay Server Software -- dtsession-SunRay
dtsession-SunRay auth sufficient /opt/SUNWut/lib/pam_sunray.so syncondisplay
dtsession-SunRay auth requisite pam_authtok_get.so.1
dtsession-SunRay auth required pam_dhkeys.so.1
dtsession-SunRay auth required pam_unix_cred.so.1
dtsession-SunRay auth required pam_unix_auth.so.1
# added to utnsclogin by SunRay Server Software -- utnsclogin
utnsclogin auth requisite /opt/SUNWut/lib/sunray_get_user.so.1
property=username
utnsclogin auth required /opt/SUNWut/lib/pam_sunray_amgh.so.1
utnsclogin auth requisite pam_authtok_get.so.1
utnsclogin auth required pam_dhkeys.so.1
utnsclogin auth required pam_unix_cred.so.1
utnsclogin auth required pam_unix_auth.so.1
# added to utadmingui by SunRay Server Software -- utadmingui
utadmingui auth sufficient /opt/SUNWut/lib/pam_sunray_admingui.so.1
# added to utgulogin by SunRay Server Software -- utgulogin
utgulogin auth requisite /opt/SUNWut/lib/sunray_get_user.so.1
property=username
utgulogin auth requisite /opt/SUNWut/lib/sunray_get_user.so.1
token=auth,JavaBadge
utgulogin auth required /opt/SUNWut/lib/pam_sunray_amgh.so.1
utgulogin auth requisite /opt/SUNWut/lib/sunray_get_user.so.1 prompt
utgulogin auth required /opt/SUNWut/lib/pam_sunray_amgh.so.1
 
> Are you intentionally trying to use some sort of additional
> smartcard-based authentication for your Sun Ray logins?

What do you mean whith additional smartcard-based authentication?

I only use smartcard-based authentication with PIN on the server (ocfserv
daemon), but I think this is only a local configuration with the smartcard
reader in the server and the local dtlogin, or is it not?

> 
> OttoM.
> __
> ottomeister
> 
> Disclaimer: These are my opinions.  I do not speak for my employer.
> _______________________________________________
> SunRay-Users mailing list
> [email protected]
> http://www.filibeto.org/mailman/listinfo/sunray-users

_______________________________________________
SunRay-Users mailing list
[email protected]
http://www.filibeto.org/mailman/listinfo/sunray-users

Reply via email to