-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello,
I recently bought a Opengpg smartcard, version 2.0 and managed to use it on two computers running Ubuntu 12.10 and Ubuntu 13.04. After reading nearly all informations I found in the internet it is possible to use it for ssh, for gpg (in combination with thunderbird and enigmail) and (partly) for log in. Two problems are left and it would be great to get some hints from the community. First problem is log-in with lightdm. I installed pam_poldi and changed the file /etc/pam.d/lightdm to look like this: - -----/etc/pam.d/lightdm--------------- #%PAM-1.0 auth requisite pam_nologin.so auth required pam_env.so readenv=1 auth required pam_env.so readenv=1 envfile=/etc/default/locale auth sufficient pam_succeed_if.so user ingroup nopasswdlogin auth sufficient pam_poldi.so try-pin 123456 auth required pam_unix.so nullok_secure @include common-account session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close session required pam_limits.so @include common-session session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open session optional pam_gnome_keyring.so auto_start @include common-password - -------------------------------------- The changes compared with the original file are the lines: auth sufficient pam_poldi.so try-pin 123456 (not the real pin :-)) auth required pam_unix.so nullok_secure instead of: @include common-auth I expected that lightdm would first try to read the smartcard and possibly fall back to password login. What happens instead is, that after a long while it asks for the pin of the smartcard and then additionally for the password. I do not find any information on the internet how to change this. So this is only partially successful. Second problem is the use of the smartcard (with a keyfile) and truecrypt (version 7.0a) Using the library /usr/lib/opensc-pkcs11.so as PKCS#11 Library Path leads to an error message saying: "No security token found. Please make sure your security token is connected to your computer and the correct device driver for your token is installed." Using libOpenPGP11_64.so (or libOpenPGP11_32.so, which I found on http://smartcard-auth.de/download-de.html gives an other error message: "Security token error: DEVICE REMOVED" This happens always, even if I kill the pgp-agent before (this is necessary, when I switch to my HBCI-Smartcard (German online-banking-smartcard) or whatever else. Any hint would be great; thanks in advance Detlev - -- Detlev Reymann det...@reymann.eu http://www.reymann.eu Diese Nachricht ist elektronisch mit GPG signiert. Wenn Sie nicht mit entsprechender Software arbeiten, ignorieren Sie bitte den entsprechenden Abschnitt dieser Mail einfach. This mail is signed electronically via gpg. If you do not use encryption software, simply ignore the additional part of this mail -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAEBAgAGBQJS7SeoAAoJEM6JTkpQd1J1X/YH/3FnvAGdZOg3SGlwao+zh4Ns hAj3oxC0U0cAgtGobW0/TV1PMxGuFRSaInLTwlJ6VzOnZ4fYb65lF74ZCz4AVLLh dZxEF1qoCCN45AR9XTZ8DVmoqxvUv9rGR9ePuAeEhB3zJFAQEkQ+J1YQoGtx9kR6 Y5uxtDSKUWlNNl84HMKrXewKfA96AFLcSDFDw2FijlSmTEOWvpdzma5fI4R2VSoh +WWSgFbvn/X6o4mIr0Lw9htfYN4trO7YngRcw3/fLqF1Up8j0qdm6wKTKdBjAN0k c6Ogx7fLE9cCddnV4YHmGpJeNiBjbosNyxHW3pjeI3YU8N4LnI4OP0F9rOHkIM0= =i4cq -----END PGP SIGNATURE----- _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
