I'm not sure if this forum is the best place to post it but since it's Debian and I'm a Debian user and Xscreensaver does not have any community ... ![:o]( "Surprised")
Based on this tutorial I successfully configured smartcard authentication: https://ubuntuforums.org/showthread.php?t=1557180
This works fine with sudo but for example with Xscreensaver which also includes the common-auth module therefore it tries smartcard I just get "Verifying certificate" then big nothing, if I remove the card I can login with regular password.
There isn't seems to be any specific settings in it's config file. Following the tutorial I just using the simple mapper where as it looks for a valid X509 on the smartcard then it looks for the CN= field and matches it with the user's GECO field from /etc/passwd but as I said with other tools this even works fine.
Any idea how to fix it? Or is there even any "better" alternative these days for Xscreensaver? It's 2024 after all already and we have 1 single screensaver since 20 years for linux?!![:wink:]( "Wink")
Based on this tutorial I successfully configured smartcard authentication: https://ubuntuforums.org/showthread.php?t=1557180
This works fine with sudo but for example with Xscreensaver which also includes the common-auth module therefore it tries smartcard I just get "Verifying certificate" then big nothing, if I remove the card I can login with regular password.
There isn't seems to be any specific settings in it's config file. Following the tutorial I just using the simple mapper where as it looks for a valid X509 on the smartcard then it looks for the CN= field and matches it with the user's GECO field from /etc/passwd but as I said with other tools this even works fine.
Any idea how to fix it? Or is there even any "better" alternative these days for Xscreensaver? It's 2024 after all already and we have 1 single screensaver since 20 years for linux?!
Code:
2024-08-23T20:18:43.496162+02:00 lappy xscreensaver-auth: releasing keys and certificates2024-08-23T20:18:43.496342+02:00 lappy kernel:xscreensaver-au[25313]: segfault at 4 ip 00007f17f4877f19 sp 00007ffcfbfab568 error 4 in libc.so.6[7f17f4748000+155000] likely on CPU 7 (core 11, socket 0)2024-08-23T20:18:43.496348+02:00 lappy kernel:Code: fe 7f 5c 17 e1 c5 f8 77 c3 0f 1f 84 00 00 00 00 00 89 f8 48 89 fa c5 f9 ef c0 25 ff 0f 00 00 3d e0 0f 00 00 0f 87 37 01 00 00 <c5> fd 74 0f c5 fd d7 c1 85 c0 74 5b f3 0f bc c0 c5 f8 77 c3 0f 1f2024-08-23T20:18:44.009636+02:00 lappy xscreensaver-auth: explicit username = [kekke]2024-08-23T20:18:44.009638+02:00 lappy xscreensaver-auth: loading pkcs #11 module...2024-08-23T20:18:44.009639+02:00 lappy xscreensaver-auth: PKCS #11 module = [/usr/lib/x86_64-linux-gnu/opensc-pkcs11.so]2024-08-23T20:18:44.009642+02:00 lappy xscreensaver-auth: module permissions: uid = 0, gid = 0, mode = 6442024-08-23T20:18:44.009643+02:00 lappy xscreensaver-auth: loading module /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so2024-08-23T20:18:44.011418+02:00 lappy xscreensaver-auth: getting function list2024-08-23T20:18:44.011421+02:00 lappy xscreensaver-auth: initialising pkcs #11 module...2024-08-23T20:18:44.726786+02:00 lappy xscreensaver-auth: module information:2024-08-23T20:18:44.726790+02:00 lappy xscreensaver-auth: - version: 2.202024-08-23T20:18:44.726792+02:00 lappy xscreensaver-auth: - manufacturer: OpenSC Project 2024-08-23T20:18:44.726794+02:00 lappy xscreensaver-auth: - flags: 00002024-08-23T20:18:44.726795+02:00 lappy xscreensaver-auth: - library description: OpenSC smartcard framework 2024-08-23T20:18:44.726796+02:00 lappy xscreensaver-auth: - library version: 0.232024-08-23T20:18:44.728951+02:00 lappy xscreensaver-auth: number of slots (a): 12024-08-23T20:18:44.729992+02:00 lappy xscreensaver-auth: number of slots (b): 12024-08-23T20:18:44.729993+02:00 lappy xscreensaver-auth: slot 1:2024-08-23T20:18:44.732065+02:00 lappy xscreensaver-auth: - description: Athena ASE IIIe [CCID Bulk Interface] 00 00 2024-08-23T20:18:44.732067+02:00 lappy xscreensaver-auth: - manufacturer: Athena 2024-08-23T20:18:44.732068+02:00 lappy xscreensaver-auth: - flags: 00072024-08-23T20:18:44.732069+02:00 lappy xscreensaver-auth: - token:2024-08-23T20:18:44.732070+02:00 lappy xscreensaver-auth: - label: kekke 2024-08-23T20:18:44.732071+02:00 lappy xscreensaver-auth: - manufacturer: OpenSC Project 2024-08-23T20:18:44.732072+02:00 lappy xscreensaver-auth: - model: PKCS#15 2024-08-23T20:18:44.732073+02:00 lappy xscreensaver-auth: - serial: 12345678 2024-08-23T20:18:44.732074+02:00 lappy xscreensaver-auth: - flags: 04002024-08-23T20:18:51.449725+02:00 lappy xscreensaver-auth: opening a new PKCS #11 session for slot 12024-08-23T20:18:51.450225+02:00 lappy xscreensaver-auth: Saving Certificate #1:2024-08-23T20:18:51.450229+02:00 lappy xscreensaver-auth: - type: 002024-08-23T20:18:51.450230+02:00 lappy xscreensaver-auth: - id: 192024-08-23T20:18:51.450234+02:00 lappy xscreensaver-auth: Found 1 certificates in token2024-08-23T20:18:51.450237+02:00 lappy xscreensaver-auth: Retrieveing mapper module list2024-08-23T20:18:51.450245+02:00 lappy xscreensaver-auth: Loading static module for mapper 'digest'2024-08-23T20:18:51.450250+02:00 lappy xscreensaver-auth: Inserting mapper [digest] into list2024-08-23T20:18:51.450254+02:00 lappy xscreensaver-auth: Loading static module for mapper 'cn'2024-08-23T20:18:51.450256+02:00 lappy xscreensaver-auth: Inserting mapper [cn] into list2024-08-23T20:18:51.450259+02:00 lappy xscreensaver-auth: Loading static module for mapper 'pwent'2024-08-23T20:18:51.450261+02:00 lappy xscreensaver-auth: Inserting mapper [pwent] into list2024-08-23T20:18:51.450263+02:00 lappy xscreensaver-auth: Loading static module for mapper 'uid'2024-08-23T20:18:51.450265+02:00 lappy xscreensaver-auth: Inserting mapper [uid] into list2024-08-23T20:18:51.450268+02:00 lappy xscreensaver-auth: Loading static module for mapper 'mail'2024-08-23T20:18:51.450272+02:00 lappy xscreensaver-auth: Inserting mapper [mail] into list2024-08-23T20:18:51.450274+02:00 lappy xscreensaver-auth: Loading static module for mapper 'subject'2024-08-23T20:18:51.450276+02:00 lappy xscreensaver-auth: Inserting mapper [subject] into list2024-08-23T20:18:51.450279+02:00 lappy xscreensaver-auth: Loading static module for mapper 'null'2024-08-23T20:18:51.450281+02:00 lappy xscreensaver-auth: Inserting mapper [null] into list2024-08-23T20:18:51.450283+02:00 lappy xscreensaver-auth: verifying the certificate #12024-08-23T20:18:58.567780+02:00 lappy xscreensaver-auth: Adding hashdir lookup to x509_store2024-08-23T20:18:58.567790+02:00 lappy xscreensaver-auth: Adding hash dir '/etc/pam_pkcs11/cacerts' to CACERT checks2024-08-23T20:18:58.568265+02:00 lappy xscreensaver-auth: certificate is valid2024-08-23T20:18:58.568268+02:00 lappy xscreensaver-auth: crl policy: 02024-08-23T20:18:58.568269+02:00 lappy xscreensaver-auth: no revocation-check performed2024-08-23T20:18:58.568279+02:00 lappy xscreensaver-auth: certificate has not been revoked2024-08-23T20:18:58.568438+02:00 lappy xscreensaver-auth: Mapper module digest match() returns -12024-08-23T20:18:58.568440+02:00 lappy xscreensaver-auth: Error in module digest2024-08-23T20:18:58.568446+02:00 lappy xscreensaver-auth: Mapper module cn match() returns 12024-08-23T20:18:58.568447+02:00 lappy xscreensaver-auth: certificate is valid and matches the user2024-08-23T20:18:58.568448+02:00 lappy xscreensaver-auth: Skipping signature check2024-08-23T20:18:58.568456+02:00 lappy xscreensaver-auth: unloading mapper module list2024-08-23T20:18:58.568457+02:00 lappy xscreensaver-auth: calling mapper_module_end() digest2024-08-23T20:18:58.568459+02:00 lappy xscreensaver-auth: Module digest is static: don't remove2024-08-23T20:18:58.568460+02:00 lappy xscreensaver-auth: calling mapper_module_end() cn2024-08-23T20:18:58.568461+02:00 lappy xscreensaver-auth: Module cn is static: don't remove2024-08-23T20:18:58.568462+02:00 lappy xscreensaver-auth: calling mapper_module_end() pwent2024-08-23T20:18:58.568481+02:00 lappy xscreensaver-auth: Module pwent is static: don't remove2024-08-23T20:18:58.568487+02:00 lappy xscreensaver-auth: calling mapper_module_end() uid2024-08-23T20:18:58.568489+02:00 lappy xscreensaver-auth: Module uid is static: don't remove2024-08-23T20:18:58.568493+02:00 lappy xscreensaver-auth: calling mapper_module_end() mail2024-08-23T20:18:58.568499+02:00 lappy xscreensaver-auth: Module mail is static: don't remove2024-08-23T20:18:58.568500+02:00 lappy xscreensaver-auth: calling mapper_module_end() subject2024-08-23T20:18:58.568502+02:00 lappy xscreensaver-auth: Module subject is static: don't remove2024-08-23T20:18:58.568503+02:00 lappy xscreensaver-auth: calling mapper_module_end() null2024-08-23T20:18:58.568504+02:00 lappy xscreensaver-auth: Module null is static: don't remove2024-08-23T20:18:58.568506+02:00 lappy xscreensaver-auth: logout user2024-08-23T20:18:58.568509+02:00 lappy xscreensaver-auth: closing the PKCS #11 session2024-08-23T20:18:58.568516+02:00 lappy xscreensaver-auth: releasing keys and certificates2024-08-23T20:18:58.569377+02:00 lappy kernel:xscreensaver-au[25625]: segfault at 4 ip 00007f784a571f19 sp 00007fff46264908 error 4 in libc.so.6[7f784a442000+155000] likely on CPU 6 (core 10, socket 0)2024-08-23T20:18:58.569385+02:00 lappy kernel:Code: fe 7f 5c 17 e1 c5 f8 77 c3 0f 1f 84 00 00 00 00 00 89 f8 48 89 fa c5 f9 ef c0 25 ff 0f 00 00 3d e0 0f 00 00 0f 87 37 01 00 00 <c5> fd 74 0f c5 fd d7 c1 85 c0 74 5b f3 0f bc c0 c5 f8 77 c3 0f 1f2024-08-23T20:18:59.020412+02:00 lappy xscreensaver-auth: explicit username = [kekke]2024-08-23T20:18:59.020415+02:00 lappy xscreensaver-auth: loading pkcs #11 module...2024-08-23T20:18:59.020417+02:00 lappy xscreensaver-auth: PKCS #11 module = [/usr/lib/x86_64-linux-gnu/opensc-pkcs11.so]2024-08-23T20:18:59.020420+02:00 lappy xscreensaver-auth: module permissions: uid = 0, gid = 0, mode = 6442024-08-23T20:18:59.020421+02:00 lappy xscreensaver-auth: loading module /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so2024-08-23T20:18:59.022223+02:00 lappy xscreensaver-auth: getting function list2024-08-23T20:18:59.022228+02:00 lappy xscreensaver-auth: initialising pkcs #11 module...2024-08-23T20:18:59.025663+02:00 lappy xscreensaver-auth: module information:2024-08-23T20:18:59.025665+02:00 lappy xscreensaver-auth: - version: 2.202024-08-23T20:18:59.025666+02:00 lappy xscreensaver-auth: - manufacturer: OpenSC Project 2024-08-23T20:18:59.025668+02:00 lappy xscreensaver-auth: - flags: 00002024-08-23T20:18:59.025669+02:00 lappy xscreensaver-auth: - library description: OpenSC smartcard framework 2024-08-23T20:18:59.025670+02:00 lappy xscreensaver-auth: - library version: 0.232024-08-23T20:18:59.027807+02:00 lappy xscreensaver-auth: number of slots (a): 12024-08-23T20:18:59.028866+02:00 lappy xscreensaver-auth: number of slots (b): 12024-08-23T20:18:59.028867+02:00 lappy xscreensaver-auth: slot 1:2024-08-23T20:18:59.030977+02:00 lappy xscreensaver-auth: - description: Athena ASE IIIe [CCID Bulk Interface] 00 00 2024-08-23T20:18:59.030979+02:00 lappy xscreensaver-auth: - manufacturer: Athena 2024-08-23T20:18:59.030980+02:00 lappy xscreensaver-auth: - flags: 00062024-08-23T20:19:03.096156+02:00 lappy xscreensaver-auth: pam_sm_setcred() calledStatistics: Posted by kekke — 2024-08-23 18:44 — Replies 1 — Views 21