load_pkcs11_module() failed loading....

Asked by Bill Eccles on 2018-12-04

Ubuntu 16.04
Trying to install pam....
When I log into my server I get the following....

ERROR:pam_pkcs11.c:323: load_pkcs11_mosule() failed loading /usr/lib/opensc-pkcs11.so: stat() failed: No such file or directory.

I am new to pam...is there a config file that is missing....
is there an example I can look at?

I see the following online.....
ln -s /usr/lib/pkcs11/opensc-pkcs11.so /usr/lib/

Is that the solution?
do I have a missing file?

Question information

Language:
English Edit question
Status:
Open
For:
Ubuntu pam-pkcs11 Edit question
Assignee:
No assignee Edit question
Last query:
2018-12-05
Last reply:
2018-12-05
Manfred Hampl (m-hampl) said : #1

"Trying to install pam...."
How did you try installing it?

What is the output of the commands
uname -a
lsb_release -crid
apt-cache policy libpam-pkcs11 opensc-pkcs11 libpam-runtime libpam-modules libpam0g

Bill Eccles (weccles) said : #2

#sudo apt-get install libpam-pkcs11

#sudo apt-get install opensc-pkcs11

sudo mkdir /etc/pam_pkcs11

zcat /usr/share/doc/libpam-pkcs11/examples/pam_pkcs11.conf.example.gz | sudo tee /etc/pam_pkcs11/pam_pkcs11.conf

sudo mkdir /etc/pam_pkcs11/cacerts /etc/pam_pkcs11/crls

edit the use_mappers line in /etc/pam_pkcs11/pam_pkcs11.conf to list only pwent

Commands......

uname -a

Linux STIGtest 4.4.0-116-generic #140-Ubuntu SMP Mon Feb 12 21:23:04 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux

lsb_release -crid

Distributor ID: Ubuntu

Description: Ubuntu 16.04.05 LTS

Release: 16.04

Codename: xenial

apt-cache policy libpam-pkcs11 opensc-pkcs11 libpam-runtime libpam-modules libpam0g

[cid:image001.jpg@01D48C70.C55AB930]

[cid:image002.jpg@01D48C70.C55AB930]

Thanks

Bill

-----Original Message-----
From: <email address hidden> [mailto:<email address hidden>] On Behalf Of Manfred Hampl
Sent: Wednesday, December 05, 2018 4:15 AM
To: ECCLES, WILLIAM <email address hidden>
Subject: Re: [Question #676600]: load_pkcs11_module() failed loading....

Your question #676600 on pam-pkcs11 in Ubuntu changed:

https://urldefense.proofpoint.com/v2/url?u=https-3A__answers.launchpad.net_ubuntu_-2Bsource_pam-2Dpkcs11_-2Bquestion_676600&d=DwIFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=PpPhkgNrf1luu96xmmdnSg&m=xjQpo_Ow8o3mGHgPfyWQ80UgrprVisTz8uNq1yDb_Lk&s=iMN8oM8mPJxw7N-77edlOGZmh6vP5V9OFEpec16lmtY&e=

    Status: Open => Needs information

Manfred Hampl requested more information:

"Trying to install pam...."

How did you try installing it?

What is the output of the commands

uname -a

lsb_release -crid

apt-cache policy libpam-pkcs11 opensc-pkcs11 libpam-runtime libpam-modules libpam0g

--

To answer this request for more information, you can either reply to

this email or enter your reply at the following page:

https://urldefense.proofpoint.com/v2/url?u=https-3A__answers.launchpad.net_ubuntu_-2Bsource_pam-2Dpkcs11_-2Bquestion_676600&d=DwIFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=PpPhkgNrf1luu96xmmdnSg&m=xjQpo_Ow8o3mGHgPfyWQ80UgrprVisTz8uNq1yDb_Lk&s=iMN8oM8mPJxw7N-77edlOGZmh6vP5V9OFEpec16lmtY&e=

You received this question notification because you asked the question.

Manfred Hampl (m-hampl) said : #3

1. I suggest that you look at your question document at launchpad: https://answers.launchpad.net/ubuntu/+source/pam-pkcs11/+question/676600 to see that the information that you sent is not usable.

It is not possible to attach images for launchpad questions.
The question document is cluttered up with irrelevant reply information from your e-mail system.

Please just copy/paste the text of the apt-cache command as requested as text, and not as an image. Furthermore please remove all old information if you prefer to answer by e-mail reply.

2. And now to your problem: You have to verify whether the contents of the example config file agree with the setup of your system.

I assume that you have to correct the file location in line ~30
from
  pkcs11_module opensc {
    module = /usr/lib/opensc-pkcs11.so;
to
  pkcs11_module opensc {
    module = /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so;
(or whatever the real location of the opensc-pkcs11.so file is on your system).

Bill Eccles (weccles) said : #4

I did not change that line initially...so it is changed now and a new error appeared....

SmartCard authentication starts
ERROR:pam_pkcs11.c:357: no suitable token available
Error 2306: No suitable token available

Output to apt-cache policy libpam-pkcs11 opensc-pkcs11 libpam-runtime libpam-modules libpam0g

libpam-pkcs11:
 Installed: 0.6.8-4
 Candidate: 0.6.8-4
 Version table:
           *** 0.6.8-4 500
  500 http://us.archive.ubuntu.com/ubuntu xenial/universe amd64 Packages
  100 /var/lib/dpkg/status
opensc-pkcs11:
 Installed: 0.15.0-1ubuntu1
 Candidate: 0.15.0-1ubuntu1
 Version table:
          *** 0.15.0-1ubuntu1 500
  500 http://us.archive.ubuntu.com/ubuntu xenial/universe amd64 Packages
  100 /var/lib/dpkg/status
libpam-runtime:
 Installed: 1.1.8-3.2ubuntu2.1
 Candidate: 1.1.8-3.2ubuntu2.1
 Version table:
           *** 1.1.8-3.2ubuntu2.1 500
  500 http://us.archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages
  500 http://us.archive.ubuntu.com/ubuntu xenial-updates/main i386 Packages
  100 /var/lib/dpkg/status
           *** 1.1.8-3.2ubuntu2 500
  500 http://us.archive.ubuntu.com/ubuntu xenial/main amd64 Packages
  500 http://us.archive.ubuntu.com/ubuntu xenial/main i386 Packages
libpam-modules:
 Installed: 1.1.8-3.2ubuntu2.1
 Candidate: 1.1.8-3.2ubuntu2.1
 Version table:
           *** 1.1.8-3.2ubuntu2.1 500
  500 http://us.archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages
  100 /var/lib/dpkg/status
                  1.1.8-3.2ubuntu2.1 500
  500 http://us.archive.ubuntu.com/ubuntu xenial/main amd64 Packages
libpam0g:
 Installed: 1.1.8-3.2ubuntu2.1
 Candidate: 1.1.8-3.2ubuntu2.1
 Version table:
           *** 1.1.8-3.2ubuntu2.1 500
  500 http://us.archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages
  100 /var/lib/dpkg/status
                  1.1.8-3.2ubuntu2 500
  500 http://us.archive.ubuntu.com/ubuntu xenial/main amd64 Packages

-----Original Message-----
From: <email address hidden> [mailto:<email address hidden>] On Behalf Of Manfred Hampl
Sent: Wednesday, December 05, 2018 8:23 AM
To: ECCLES, WILLIAM <email address hidden>
Subject: Re: [Question #676600]: load_pkcs11_module() failed loading....

Your question #676600 on pam-pkcs11 in Ubuntu changed:
https://urldefense.proofpoint.com/v2/url?u=https-3A__answers.launchpad.net_ubuntu_-2Bsource_pam-2Dpkcs11_-2Bquestion_676600&d=DwIFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=PpPhkgNrf1luu96xmmdnSg&m=V_2sby7iFJYgnDPRUxXdeSAwQBL3VyLtOiBHAbk0nSc&s=DOONCh1oquVFsUa7GfXuIZSbFHwj1tIKAHTVSAyp4A4&e=

    Status: Open => Answered

Manfred Hampl proposed the following answer:
1. I suggest that you look at your question document at launchpad:
https://urldefense.proofpoint.com/v2/url?u=https-3A__answers.launchpad.net_ubuntu_-2Bsource_pam-2Dpkcs11_-2Bquestion_676600&d=DwIFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=PpPhkgNrf1luu96xmmdnSg&m=V_2sby7iFJYgnDPRUxXdeSAwQBL3VyLtOiBHAbk0nSc&s=DOONCh1oquVFsUa7GfXuIZSbFHwj1tIKAHTVSAyp4A4&e=
to see that the information that you sent is not usable.

It is not possible to attach images for launchpad questions.
The question document is cluttered up with irrelevant reply information from your e-mail system.

Please just copy/paste the text of the apt-cache command as requested as
text, and not as an image. Furthermore please remove all old information
if you prefer to answer by e-mail reply.

2. And now to your problem: You have to verify whether the contents of
the example config file agree with the setup of your system.

I assume that you have to correct the file location in line ~30
from
  pkcs11_module opensc {
    module = /usr/lib/opensc-pkcs11.so;
to
  pkcs11_module opensc {
    module = /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so;
(or whatever the real location of the opensc-pkcs11.so file is on your system).

--
If this answers your question, please go to the following page to let us
know that it is solved:
https://urldefense.proofpoint.com/v2/url?u=https-3A__answers.launchpad.net_ubuntu_-2Bsource_pam-2Dpkcs11_-2Bquestion_676600_-2Bconfirm-3Fanswer-5Fid-3D2&d=DwIFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=PpPhkgNrf1luu96xmmdnSg&m=V_2sby7iFJYgnDPRUxXdeSAwQBL3VyLtOiBHAbk0nSc&s=WPaRSZcO_ixxCj_r3GbM8bdhpE0LrKiw9Gygw7HrCa4&e=

If you still need help, you can reply to this email or go to the
following page to enter your feedback:
https://urldefense.proofpoint.com/v2/url?u=https-3A__answers.launchpad.net_ubuntu_-2Bsource_pam-2Dpkcs11_-2Bquestion_676600&d=DwIFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=PpPhkgNrf1luu96xmmdnSg&m=V_2sby7iFJYgnDPRUxXdeSAwQBL3VyLtOiBHAbk0nSc&s=DOONCh1oquVFsUa7GfXuIZSbFHwj1tIKAHTVSAyp4A4&e=

You received this question notification because you asked the question.

Manfred Hampl (m-hampl) said : #5

What kind of authentication do you want to use?
What kind of token do you have?
Is it correctly configured?
Are you following some instructions how to (re)configure the authorization system using PAM and tokens?

And again:
Remove the original mail when you reply to launchpad question e-mails.

Bill Eccles (weccles) said : #6

What kind of authentication do you want to use?
 We will be using card authentication
What kind of token do you have?
 Card
Is it correctly configured?
 I do not know....first time configuring PAM
Are you following some instructions how to (re)configure the authorization system using PAM and tokens?
 Just what I find on the internet/search

Manfred Hampl (m-hampl) said : #7

The message:
"Error 2306: No suitable token available" tells that at this moment no card for authentication could be found. Was it inserted in the reader at that moment?

Bill Eccles (weccles) said : #8

No it was not....just trying to set the server up to be able to accept a card.

If that is the message for no card read....or no card available....then it seems that is the correct message.

Thank you for your assistance.
You are very knowledgeable and sharing that knowledge is very much appreciated!!!!!!
Bill

-----Original Message-----
From: <email address hidden> [mailto:<email address hidden>] On Behalf Of Manfred Hampl
Sent: Wednesday, December 05, 2018 3:33 PM
To: ECCLES, WILLIAM <email address hidden>
Subject: Re: [Question #676600]: load_pkcs11_module() failed loading....

Your question #676600 on pam-pkcs11 in Ubuntu changed:
https://urldefense.proofpoint.com/v2/url?u=https-3A__answers.launchpad.net_ubuntu_-2Bsource_pam-2Dpkcs11_-2Bquestion_676600&d=DwIFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=PpPhkgNrf1luu96xmmdnSg&m=TLWn9YV78IpzupbrkcdPVguhc0KuKlNLJotSDDVMMNc&s=NPN4uNIr_07GcPQd9qAODJgM25n6m29afcScmPDLYFg&e=

    Status: Open => Needs information

Manfred Hampl requested more information:
The message:
"Error 2306: No suitable token available" tells that at this moment no card for authentication could be found. Was it inserted in the reader at that moment?

--
To answer this request for more information, you can either reply to
this email or enter your reply at the following page:
https://urldefense.proofpoint.com/v2/url?u=https-3A__answers.launchpad.net_ubuntu_-2Bsource_pam-2Dpkcs11_-2Bquestion_676600&d=DwIFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=PpPhkgNrf1luu96xmmdnSg&m=TLWn9YV78IpzupbrkcdPVguhc0KuKlNLJotSDDVMMNc&s=NPN4uNIr_07GcPQd9qAODJgM25n6m29afcScmPDLYFg&e=

You received this question notification because you asked the question.

Can you help with this problem?

Provide an answer of your own, or ask Bill Eccles for more information if necessary.

To post a message you must log in.