Hello

When I am using the PKCS#11 Event Manager and insert an etoken into USB,
there is no verification.
It means that when I remove etoken A and insert etoken B, it does not matter.
 
The /var/log/auth.log is:
May 7 13:01:19 lux0 PAM-PKCS11[15302]: open_pkcs11_login() failed:
  C_Login() failed: a0
May 7 13:01:19 lux0 PAM-PKCS11[15302]: (pam_unix) authentication
failure; logname= uid=4082 euid=4082 tty=:0 ruser= rhost= user=xxx
May 7 13:01:19 lux0 kcheckpass[15302]: Authentication failure for xxx
(invoked by uid 4082)
May 7 13:01:20 lux0 PAM-PKCS11[15311]: open_pkcs11_login() failed:
C_Login() failed: a0
May 7 13:01:20 lux0 PAM-PKCS11[15311]: (pam_unix) authentication
failure; logname= uid=4082 euid=4082 tty=:0 ruser= rhost= user=xxx
May 7 13:01:20 lux0 kcheckpass[15311]: Authentication failure for xxxx
(invoked by uid 4082)

xxx is the username of the etoken.

The attachment is the /etc/pam_pkcs11/pkcs11_eventmgr.conf

What do I have to do to verify the etoken against the logged-in user?

Thanks

Hans Rembeck


#Sample pkcs11_eventmgr configuration file
#
pkcs11_eventmgr {

        # Run in background? Implies debug=false if true
        daemon = true;

        # show debug messages?
        debug = true;
        
        # polling time in seconds
        polling_time = 1;

        # expire time in seconds
        # default = 0 (no expire)
        expire_time = 0;
        
        # pkcs11 module to use
        #pkcs11_module = /usr/lib/opensc-pkcs11.so;
        pkcs11_module = /usr/local/lib/libetpkcs11.so;
        #pkcs11_module = /lib/security/pam_pkcs11.so;
        
        #
        # list of events and actions

        # Card inserted
        event card_insert {
                # what to do if an action fail?
                # ignore  : continue to next action
                # return  : end action sequence
                # quit    : end program
                on_error = ignore ;

                # You can enter several, comma-separated action entries
                # they will be executed in turn
                action = "echo " ", 
                "/usr/bin/killall kdesktop_lock";
        }

        # Card has been removed
        event card_remove { 
                on_error = ignore;
                action = "/usr/bin/kdesktop_lock --forcelock";

        }

        # Too much time card removed
        event expire_time { 
                on_error = ignore;
                action = "/bin/false";
        }
}

_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
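
Added example, not part of the original post and not pam_pkcs11 code: a way to read the auth.log excerpt in the message above, rejoining records that were wrapped across lines, grouping them by PID and decoding the C_Login() value as a PKCS#11 CK_RV. It assumes pam_pkcs11 logs that value in hexadecimal, in which case a0 is CKR_PIN_INCORRECT; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Subset of PKCS#11 CK_RV return values, taken from the PKCS#11 specification.
CK_RV = {
    0xA0: "CKR_PIN_INCORRECT", 0xA1: "CKR_PIN_INVALID",
    0xA2: "CKR_PIN_LEN_RANGE", 0xA3: "CKR_PIN_EXPIRED",
    0xA4: "CKR_PIN_LOCKED", 0xE0: "CKR_TOKEN_NOT_PRESENT",
    0xE1: "CKR_TOKEN_NOT_RECOGNIZED",
}
# Record layout: "May 7 13:01:19 lux0 PAM-PKCS11[15302]: message"
HEADER = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) (\S+) ([\w.-]+)\[(\d+)\]: (.*)$")
LOGIN_RV = re.compile(r"C_Login\(\) failed: ([0-9a-fA-F]+)")  # assumed hex
USER = re.compile(r"\buser=(\S+)")

# Two failed attempts copied from the log in the post, wrapping included.
SAMPLE = """\
May 7 13:01:19 lux0 PAM-PKCS11[15302]: open_pkcs11_login() failed:
  C_Login() failed: a0
May 7 13:01:19 lux0 PAM-PKCS11[15302]: (pam_unix) authentication
failure; logname= uid=4082 euid=4082 tty=:0 ruser= rhost= user=xxx
May 7 13:01:19 lux0 kcheckpass[15302]: Authentication failure for xxx
(invoked by uid 4082)
May 7 13:01:20 lux0 PAM-PKCS11[15311]: open_pkcs11_login() failed:
C_Login() failed: a0
"""

def unwrap(text):
    """Rejoin syslog records that were wrapped across several lines."""
    records = []
    for line in text.splitlines():
        if HEADER.match(line):
            records.append(line.strip())
        elif line.strip() and records:
            records[-1] += " " + line.strip()  # continuation of previous record
    return records

def failed_logins(text):
    """Return one dict per PID that logged a C_Login() failure."""
    attempts = defaultdict(lambda: {"time": None, "rv": None, "user": None})
    for record in unwrap(text):
        when, _host, _prog, pid, msg = HEADER.match(record).groups()
        entry = attempts[int(pid)]
        entry["time"] = entry["time"] or when
        rv, user = LOGIN_RV.search(msg), USER.search(msg)
        if rv:
            entry["rv"] = int(rv.group(1), 16)
        if user:
            entry["user"] = user.group(1)
    return [{"pid": pid, **e, "meaning": CK_RV.get(e["rv"], "unknown")}
            for pid, e in attempts.items() if e["rv"] is not None]
```

Calling failed_logins(SAMPLE) returns one entry per PID, each carrying the decoded return value and, where a pam_unix record was logged, the user name.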
