Matthias Barmeier wrote:
> Hi,
> 
> Nope, nothing helps, same error.
> 
> I have checked the behaviour on two different computers
> with two different cardreaders.
> 
> Any suggestions ???

Export the key again (the public key). And convert it again with b2fs.
The error "cannot read certificate from" is only reported if the public
key cannot be read. (Actually certificate is wrong, what is read is only
a public key.)

> 
> BTW, do you have a link where pam-muscle-conf is documented?

No. Only the README.

> I would like to check the LDAP stuff if it works.
> Maybe this works better ?!

LDAP is not implemented.

Karsten
> 
> Ciao
>     Matthias
> 
> Karsten Ohme wrote:
> 
>>Matthias Barmeier wrote:
>>
>>>Karsten Ohme wrote:
>>>
>>>>Matthias Barmeier wrote:
>>>>
>>>>>Hi,
>>>>>
>>>>>unfortunately login fails :( gdm says that it cannot read
>>>>>.muscle/user.cert.
>>>>>For now I cannot explain what went wrong because the user.cert is readable
>>>>>for all.
>>>>>
>>>>Look in your /etc/musclepam/... or how it is called. Maybe the cert path
>>>>is not correct. It should look in ${HOME}/.muscle/user.cert.
>>>>
>>>I checked it with login, but the same problem occurs. This is my
>>>/etc/musclepam/pam-muscle.conf
>>>
>>>Debug       = ON                        # Debug ON or OFF
>>>CertNumber  = 0                         # Certificate number to use
>>>
>>The above was your previous problem! The certNumber specifies the key to
>>use and this is 0! So the keys 1 and 2 never worked. This is mentioned
>>in the README, but not clearly enough.
>>
>>>PinNumber   = 1                         # Pin number to verify
>>>UserPath    = /home/                    # Path to user home directory
>>>
>>Try to comment the UserPath out. Maybe this helps.
>>
>>>CertName    = user.cert                 # User Certificate in DER format
>>>RootCACert  = /etc/musclepam/root.cert  # Root CA certificate
>>>LDAPHost    = unsupported               # Web-server with LDAP
>>>LDAPPath    = unsupported               # Search path in LDAP
>>>AuthMode    = UserCert                  # RootCert or UserCert - see README
>>>
>>Karsten
>>
>>>-----
>>>My auth log says this:
>>>
>>>Nov 27 15:25:18 endavor login[5314]: cannot read certificate from
>>>/home/barmeier/.muscle/user.cert
>>>------
>>>
>>>But:
>>>[EMAIL PROTECTED]:/home$ more /home/barmeier/.muscle/user.cert
>>>-----BEGIN PUBLIC KEY-----
>>>MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC9zeF3Fe1j+bZci9H0xbGvX/U7
>>>61hC/jqvmHxcB8CVzEx6ajlErq5d78/j92YPKMU/mjVcogQ+IjvDhHOociaOwfaY
>>>UmdUSZ9VgVa5MTl+N6s9Frr9p1Q0pPXLTNm13rPU2LJaInHp6eAy7rs1VVawA0pr
>>>MmaBZxz+OrChmMi3bQIDAQAB
>>>-----END PUBLIC KEY-----
>>>
>>>
>>>And same as root:
>>>endavor:/home# more /home/barmeier/.muscle/user.cert
>>>-----BEGIN PUBLIC KEY-----
>>>MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC9zeF3Fe1j+bZci9H0xbGvX/U7
>>>61hC/jqvmHxcB8CVzEx6ajlErq5d78/j92YPKMU/mjVcogQ+IjvDhHOociaOwfaY
>>>UmdUSZ9VgVa5MTl+N6s9Frr9p1Q0pPXLTNm13rPU2LJaInHp6eAy7rs1VVawA0pr
>>>MmaBZxz+OrChmMi3bQIDAQAB
>>>-----END PUBLIC KEY-----
>>>
>>>The login fails every time.
>>>This is my console output when logging in:
>>>endavor login: barmeier
>>>Welcome
>>>Please enter pin:
>>>pin  = 00000000
>>>
>>>Random value =
>>>2cbf473d171bd55ea2aee9a96b0588dba7275d40b7fb724f297a707c103396029d4c7f6918dc5e22f41491d61273783d8cbed2d0a5b65a7503a54226ba88b9df1e88c373fbe065243ac8dd002f2b5314e88bd839560666791f0ba85b2d5d04e2f294a454913e2e587065ba2cf733c298b38712622a83deba68c17ceabb7d042d
>>>
>>>Cipher value =
>>>20b637c2f27840d3b7c97a408178ef509e4cfec769ce50e7121396f3aae57ed2addd908e6d92a478d799e8b5e17182152bb437d59b62bc48f8d2c8bb761496ef7f9b226c97975764d7de0b855c6d68944b3062b9fc28320823d7c5ca76761241d3169b499ed818f1d854bfea7c5301ef194b4d5180666f7d88eb2f6e5c2f8cfb
>>>
>>>Password:
>>>
>>>
>>>Has my b2fs failed ??
>>>What can I do ??
>>>
>>>Ciao
>>>   Matze
>>>
>>>>And enable DEBUG in this file. gdm is not a suitable way to log in and
>>>>to find the error. You must do it at the console, so you can see the
>>>>debug infos.
>>>>
>>>>Karsten

_______________________________________________
Muscle mailing list
Muscle@lists.musclecard.com
http://lists.drizzle.com/mailman/listinfo/muscle
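
An added diagnostic, not part of the thread and not pam-muscle or b2fs code: it reports whether a key file such as user.cert is PEM-armored or raw DER and whether it parses as an RSA SubjectPublicKeyInfo, so the result can be compared with the "DER format" comment on CertName in the quoted pam-muscle.conf. The thread does not say which encoding pam-muscle accepts; the function names and the sample key bytes are constructed for this example.

```python
import base64
import re

RSA_OID = bytes.fromhex("2a864886f70d010101")  # 1.2.840.113549.1.1.1 (rsaEncryption)

def _tlv(buf, pos=0):
    """Read one DER tag-length-value at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad DER length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos:pos + length], pos + length

def inspect_key(data):
    """Return (encoding, modulus_bits) for an RSA SubjectPublicKeyInfo file."""
    m = re.search(rb"-----BEGIN PUBLIC KEY-----(.*?)-----END PUBLIC KEY-----", data, re.S)
    encoding = "PEM" if m else "DER"
    der = base64.b64decode(b"".join(m.group(1).split()), validate=True) if m else data
    tag, spki, end = _tlv(der)
    if tag != 0x30 or end != len(der):
        raise ValueError("not exactly one DER SEQUENCE")
    tag, alg, pos = _tlv(spki)
    oid_tag, oid, _ = _tlv(alg)
    if tag != 0x30 or oid_tag != 0x06 or oid != RSA_OID:
        raise ValueError("AlgorithmIdentifier is not rsaEncryption")
    tag, bits, _ = _tlv(spki, pos)
    if tag != 0x03 or bits[:1] != b"\x00":
        raise ValueError("subjectPublicKey is not a byte-aligned BIT STRING")
    tag, rsa, _ = _tlv(bits[1:])
    int_tag, modulus, _ = _tlv(rsa)
    if tag != 0x30 or int_tag != 0x02:
        raise ValueError("malformed RSAPublicKey")
    return encoding, len(modulus.lstrip(b"\x00")) * 8

def _der(tag, value):  # encoder used only to build the constructed sample below
    n = len(value)
    size = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + value

# Constructed sample: 1024-bit filler modulus, structurally valid but not a real key.
_RSA = _der(0x30, _der(0x02, b"\x00" + b"\xc3" * 128) + _der(0x02, b"\x01\x00\x01"))
SAMPLE_DER = _der(0x30, _der(0x30, _der(0x06, RSA_OID) + _der(0x05, b"")) + _der(0x03, b"\x00" + _RSA))
SAMPLE_PEM = b"-----BEGIN PUBLIC KEY-----\n" + base64.encodebytes(SAMPLE_DER) + b"-----END PUBLIC KEY-----\n"
```

To check a real file, pass its bytes: `inspect_key(open(path, "rb").read())`; a ValueError means the file is neither encoding of an RSA public key.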
