load_pkcs11_module() failed loading....
Ubuntu 16.04
Trying to install pam....
When I log into my server I get the following....
ERROR:pam_
I am new to pam...is there a config file that is missing....
is there an example I can look at?
I see the following online.....
ln -s /usr/lib/
Is that the solution?
do I have a missing file?
Question information
- Language:
- English Edit question
- Status:
- Answered
- Assignee:
- No assignee Edit question
- Last query:
- Last reply:
Revision history for this message
|
#1 |
"Trying to install pam...."
How did you try installing it?
What is the output of the commands
uname -a
lsb_release -crid
apt-cache policy libpam-pkcs11 opensc-pkcs11 libpam-runtime libpam-modules libpam0g
Revision history for this message
|
#2 |
#sudo apt-get install libpam-pkcs11
#sudo apt-get install opensc-pkcs11
sudo mkdir /etc/pam_pkcs11
zcat /usr/share/
sudo mkdir /etc/pam_
edit the use_mappers line in /etc/pam_
Commands......
uname -a
Linux STIGtest 4.4.0-116-generic #140-Ubuntu SMP Mon Feb 12 21:23:04 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
lsb_release -crid
Distributor ID: Ubuntu
Description: Ubuntu 16.04.05 LTS
Release: 16.04
Codename: xenial
apt-cache policy libpam-pkcs11 opensc-pkcs11 libpam-runtime libpam-modules libpam0g
[cid:image001.
[cid:image002.
Thanks
Bill
-----Original Message-----
From: <email address hidden> [mailto:<email address hidden>] On Behalf Of Manfred Hampl
Sent: Wednesday, December 05, 2018 4:15 AM
To: ECCLES, WILLIAM <email address hidden>
Subject: Re: [Question #676600]: load_pkcs11_
Your question #676600 on pam-pkcs11 in Ubuntu changed:
Status: Open => Needs information
Manfred Hampl requested more information:
"Trying to install pam...."
How did you try installing it?
What is the output of the commands
uname -a
lsb_release -crid
apt-cache policy libpam-pkcs11 opensc-pkcs11 libpam-runtime libpam-modules libpam0g
--
To answer this request for more information, you can either reply to
this email or enter your reply at the following page:
You received this question notification because you asked the question.
Revision history for this message
|
#3 |
1. I suggest that you look at your question document at launchpad: https:/
It is not possible to attach images for launchpad questions.
The question document is cluttered up with irrelevant reply information from your e-mail system.
Please just copy/paste the text of the apt-cache command as requested as text, and not as an image. Furthermore please remove all old information if you prefer to answer by e-mail reply.
2. And now to your problem: You have to verify whether the contents of the example config file agree with the setup of your system.
I assume that you have to correct the file location in line ~30
from
pkcs11_module opensc {
module = /usr/lib/
to
pkcs11_module opensc {
module = /usr/lib/
(or whatever the real location of the opensc-pkcs11.so file is on your system).
Revision history for this message
|
#4 |
I did not change that line initially...so it is changed now and a new error appeared....
SmartCard authentication starts
ERROR:pam_
Error 2306: No suitable token available
Output to apt-cache policy libpam-pkcs11 opensc-pkcs11 libpam-runtime libpam-modules libpam0g
libpam-pkcs11:
Installed: 0.6.8-4
Candidate: 0.6.8-4
Version table:
*** 0.6.8-4 500
500 http://
100 /var/lib/
opensc-pkcs11:
Installed: 0.15.0-1ubuntu1
Candidate: 0.15.0-1ubuntu1
Version table:
*** 0.15.0-1ubuntu1 500
500 http://
100 /var/lib/
libpam-runtime:
Installed: 1.1.8-3.2ubuntu2.1
Candidate: 1.1.8-3.2ubuntu2.1
Version table:
*** 1.1.8-3.2ubuntu2.1 500
500 http://
500 http://
100 /var/lib/
*** 1.1.8-3.2ubuntu2 500
500 http://
500 http://
libpam-modules:
Installed: 1.1.8-3.2ubuntu2.1
Candidate: 1.1.8-3.2ubuntu2.1
Version table:
*** 1.1.8-3.2ubuntu2.1 500
500 http://
100 /var/lib/
500 http://
libpam0g:
Installed: 1.1.8-3.2ubuntu2.1
Candidate: 1.1.8-3.2ubuntu2.1
Version table:
*** 1.1.8-3.2ubuntu2.1 500
500 http://
100 /var/lib/
500 http://
-----Original Message-----
From: <email address hidden> [mailto:<email address hidden>] On Behalf Of Manfred Hampl
Sent: Wednesday, December 05, 2018 8:23 AM
To: ECCLES, WILLIAM <email address hidden>
Subject: Re: [Question #676600]: load_pkcs11_
Your question #676600 on pam-pkcs11 in Ubuntu changed:
https:/
Status: Open => Answered
Manfred Hampl proposed the following answer:
1. I suggest that you look at your question document at launchpad:
https:/
to see that the information that you sent is not usable.
It is not possible to attach images for launchpad questions.
The question document is cluttered up with irrelevant reply information from your e-mail system.
Please just copy/paste the text of the apt-cache command as requested as
text, and not as an image. Furthermore please remove all old information
if you prefer to answer by e-mail reply.
2. And now to your problem: You have to verify whether the contents of
the example config file agree with the setup of your system.
I assume that you have to correct the file location in line ~30
from
pkcs11_module opensc {
module = /usr/lib/
to
pkcs11_module opensc {
module = /usr/lib/
(or whatever the real location of the opensc-pkcs11.so file is on your system).
--
If this answers your question, please go to the following page to let us
know that it is solved:
https:/
If you still need help, you can reply to this email or go to the
following page to enter your feedback:
https:/
You received this question notification because you asked the question.
Revision history for this message
|
#5 |
What kind of authentication do you want to use?
What kind of token do you have?
Is it correctly configured?
Are you following some instructions how to (re)configure the authorization system using PAM and tokens?
And again:
Remove the original mail when you reply to launchpad question e-mails.
Revision history for this message
|
#6 |
What kind of authentication do you want to use?
We will be using card authentication
What kind of token do you have?
Card
Is it correctly configured?
I do not know....first time configuring PAM
Are you following some instructions how to (re)configure the authorization system using PAM and tokens?
Just what I find on the internet/search
Revision history for this message
|
#7 |
The message:
"Error 2306: No suitable token available" tells that at this moment no card for authentication could be found. Was it inserted in the reader at that moment?
Revision history for this message
|
#8 |
No it was not....just trying to set the server up to be able to accept a card.
If that is the message for no card read....or no card available....then it seems that is the correct message.
Thank you for your assistance.
You are very knowledgeable and sharing that knowledge is very much appreciated!!!!!!
Bill
-----Original Message-----
From: <email address hidden> [mailto:<email address hidden>] On Behalf Of Manfred Hampl
Sent: Wednesday, December 05, 2018 3:33 PM
To: ECCLES, WILLIAM <email address hidden>
Subject: Re: [Question #676600]: load_pkcs11_
Your question #676600 on pam-pkcs11 in Ubuntu changed:
https:/
Status: Open => Needs information
Manfred Hampl requested more information:
The message:
"Error 2306: No suitable token available" tells that at this moment no card for authentication could be found. Was it inserted in the reader at that moment?
--
To answer this request for more information, you can either reply to
this email or enter your reply at the following page:
https:/
You received this question notification because you asked the question.
Revision history for this message
|
#9 |
I accidentally deleted the /etc/pam.d/login file
Can you please tell me what I need to do to recreate it?
Revision history for this message
|
#10 |
Don't you have a backup to restore it?
I assume that /etc/pam.d/login is provided by the "login" package.
Reinstalling that package may restore the file (but might also have undesired side effects).
Revision history for this message
|
#11 |
I was running through a STIG list and inadvertently installed APM and pkcs11
We do not have any cards to use for authentication....
My login would not work at all.....received authentication errors
It did not seem possible to disable pkcs11 so I tried to uninstall it.....
I used....
sudo apt-get remove --auto-remove opensc-pkcs11
sudo apt-get purge --auto-remove opensc-pkcs11
However, there still seems to remnants of the package in the system.
I still get login errors as follows when I try to login with my user....sdn....
Smartcard authentication starts
DEBUG:pam_
DEBUG:pam_
DEBUG:pam_
ERROR:pam_
Error 2303: PKCS#11module failed loading
Any guidance to remove pkcs11 so I can login would be appreciated.
Should I also remove PAM?
Thank you
Bill
Revision history for this message
|
#12 |
Sorry, I do not know what modifications you did to your system in an attempt to enable pam-pkcs11 authentication. You probably would have to undo them.
Maybe there are some remnants in the /etc/pam_pkcs11 directory or in the /etc/pam.conf and /etc/pam.d/* configuration files.
Revision history for this message
|
#13 |
That is the problem....
I did not make changes to the files....
But I seem to be going through the authentication process...
Not sure where to look.....
Should these directories/files be deleted?
/etc/pam_pkcs11 directory or in the
/etc/pam.conf
/etc/pam.d/* configuration files.
-----Original Message-----
From: <email address hidden> [mailto:<email address hidden>] On Behalf Of Manfred Hampl
Sent: Monday, January 14, 2019 12:13 PM
To: ECCLES, WILLIAM <email address hidden>
Subject: Re: [Question #676600]: load_pkcs11_
Your question #676600 on pam-pkcs11 in Ubuntu changed:
https:/
Status: Open => Answered
Manfred Hampl proposed the following answer:
Sorry, I do not know what modifications you did to your system in an
attempt to enable pam-pkcs11 authentication. You probably would have to
undo them.
Maybe there are some remnants in the /etc/pam_pkcs11 directory or in the
/etc/pam.conf and /etc/pam.d/* configuration files.
--
If this answers your question, please go to the following page to let us
know that it is solved:
https:/
If you still need help, you can reply to this email or go to the
following page to enter your feedback:
https:/
You received this question notification because you asked the question.
Revision history for this message
|
#14 |
1. I already told twice: Please do not use the "reply with history" function in your e-mail system when you answer. Look at https:/
2. "I did not make changes to the files...."
You did. At least one of the commands that you entered
"zcat /usr/share/
If you cannot remember all changes that you have done, who else should know them?
I can only say: Changes on the authentication system like this should be tried in a test system first where it does not do any harm if it is broken.
Revision history for this message
|
#15 |
Thank you for the update....
I will look at the previous mails and the information you sent.
This is a test system....but I would like to still get into it.
I have no clue about pkcs11 nor PAM....
I thank you for sharing your expertise.
Revision history for this message
|
#16 |
I believe I removed what was created or what I had changed...
Seems the SmartCard authentication is still starting because when I enter login and password I get....
Login: sdn
Password: <password>
Smartcard authentication starts
ERROR:
Login incorrect
Is there somewhere to look - or a command to run - to stop the Smartcard authentication from starting?
Thanks
Revision history for this message
|
#17 |
There is no need to search previous e-mails. The full conversation is available at https:/
If you are unable to log it to that system, you always can boot in recovery mode - root prompt.
I suggest that you compare the contents of all logon-related config files with those on a working system.
Another possible approach is reinstalling the packages related to authentication (maybe login, passwd, libpam06, libpam-mosules, libpam-runtime - check first which of them you have installed!)
Can you help with this problem?
Provide an answer of your own, or ask Bill Eccles for more information if necessary.