PDA

View Full Version : SLED 12 SP3 How to enable Login auto-detect for PAM-PKCS11



Beiw
10-Dec-2018, 03:23
From pam-pkcs11's doc, I found that:
Starting at pam_pkcs11-0.4.2 a new feature is provided: pam-pkcs11 can deduce the username from the user certificate without using the login prompt.

And after I added "auth sufficient pam_pkcs11.so" in /etc/pam.d/gdm of redhat 7.5, I can use the feature about login auto-detect:
If a card is not present, "gdm" will prompt again for a user login
If a card is present, pam-pkcs11 will ask for the PIN, and then invoke finder in module mapper list. When a user is found, this user become the logged user

And since the default pam-pkcs11 for SLED 12 sp3 is pam_pkcs11 0.6.8-5.81. I think this feature is suppored in SLED 12 sp3 too. But even if I added "auth sufficient pam_pkcs11.so", I can't find this feature is enabled. Then how to enable Login auto-detect for PAM-PKCS11 in SLED 12 SP3? Thanks a lot.

Automatic Reply
14-Dec-2018, 06:30
Beiw,

It appears that in the past few days you have not received a response to your
posting. That concerns us, and has triggered this automated reply.

These forums are peer-to-peer, best effort, volunteer run and that if your issue
is urgent or not getting a response, you might try one of the following options:

- Visit http://www.suse.com/support and search the knowledgebase and/or check all
the other support options available.
- Open a service request: https://www.suse.com/support
- You could also try posting your message again. Make sure it is posted in the
correct newsgroup. (http://forums.suse.com)

Be sure to read the forum FAQ about what to expect in the way of responses:
http://forums.suse.com/faq.php

If this is a reply to a duplicate posting or otherwise posted in error, please
ignore and accept our apologies and rest assured we will issue a stern reprimand
to our posting bot..

Good luck!

Your SUSE Forums Team
http://forums.suse.com