Re: F8 GDM Issues

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


Aaron Lippold wrote, On 04/01/2008 12:20 AM:

I just setup my F8 box and it seems that GDM and xscreensaver aren't playing nicely with coolkey again. My GDM session doesn't 1) add the "username or smartcard" text and doesn't acknowledge insertion of the card even though the SCM app does. xscreensaver does not even though I set it to 'Lock' in the auth settings. Most of my testing was done in RHEL5.0 so maybe its just a matter of patches.

FF/TB with the modules works so I know that pcscd, etc seem to be working.



did you mod /etc/pam.d/gdm ?

echo "echo \"Nothing but PKCS11 cards\" >> /etc/nologin" >> /etc/rc.d/rc.local

and apply:
--- gdm 2007/11/15 14:52:54     1.1
+++ gdm 2007/12/03 21:34:48
@@ -1,9 +1,11 @@
+auth       sufficient  /lib/security/
+account    required
 auth     [success=done ignore=ignore default=bad]
 auth       required
 auth       include     system-auth
 auth       optional
-account    required
+#account    required
 account    include     system-auth
 password   include     system-auth
 session    required close

and /etc/pam.d/login and /etc/pam.d/xscreensaver need similar patches.

also don't forget to use redhat's undocumented tool "certutil" to stuff the CA's in the appropriate barely documented nssdb place.

One of these days, I need to learn enough pam to get by with this without having to use /etc/nologin, i.e., all users but root require pkcs11, however root can login with password.

Hope this helps.
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter

Coolkey-devel mailing list

[Index of Archives]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Women]

  Powered by Linux