OpenPGP smartcard with lightdm and truecrypt

Detlev Reymann detlev at
Sat Feb 1 17:58:23 CET 2014



I recently bought an OpenPGP smartcard, version 2.0, and managed to use
it on two computers running Ubuntu 12.10 and Ubuntu 13.04.

After reading nearly all the information I found on the internet, it is
possible to use it for ssh, for gpg (in combination with Thunderbird
and Enigmail) and (partly) for login.

Two problems are left and it would be great to get some hints from the

The first problem is login with lightdm. I installed pam_poldi and
changed the file /etc/pam.d/lightdm to look like this:

-----/etc/pam.d/lightdm---------------
auth    requisite
auth    required readenv=1
auth    required readenv=1 envfile=/etc/default/locale
auth    sufficient user ingroup nopasswdlogin
auth    sufficient try-pin 123456
auth    required nullok_secure
@include common-account
session [success=ok ignore=ignore module_unknown=ignore default=bad] close
session required
@include common-session
session [success=ok ignore=ignore module_unknown=ignore default=bad] open
session optional auto_start
@include common-password
--------------------------------------

The changes compared with the original file are the lines:
auth    sufficient try-pin 123456 (not the real pin :-))
auth    required nullok_secure
instead of:
@include common-auth

I expected that lightdm would first try to read the smartcard and
possibly fall back to password login.

What happens instead is that after a long while it asks for the PIN
of the smartcard and then additionally for the password.

I cannot find any information on the internet on how to change this. So
this is only partially successful.

The second problem is the use of the smartcard (with a keyfile) and
truecrypt (version 7.0a).

Using the library /usr/lib/ as PKCS#11 Library Path
leads to an error message saying:

"No security token found. Please make sure your security token is
connected to your computer and the correct
device driver for your token is installed."

Using (or, which I found on gives another error message:

"Security token error:

This always happens, even if I kill the gpg-agent beforehand (this is
necessary when I switch to my HBCI smartcard (a German
online-banking smartcard) or whatever else).

Any hint would be great; thanks in advance

-- 
Detlev Reymann
detlev at

This mail is signed electronically via gpg. If you do not use
encryption software, simply ignore the additional part of this mail.
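
Added illustration, not part of the original message: a small Python model of how Linux-PAM's control flags (requisite, required, sufficient) decide which auth lines of the quoted /etc/pam.d/lightdm are reached. The labels are placeholders for the module names, which do not appear in the archived text, and the per-line outcomes are constructed.

```python
# Minimal model of Linux-PAM control-flag handling for an auth stack.
# Labels are placeholders (assumption): the archived post lacks module names.
AUTH_STACK = [  # (control flag, label), in the order shown in the post
    ("requisite", "first auth line"),
    ("required", "readenv=1"),
    ("required", "readenv=1 envfile"),
    ("sufficient", "ingroup nopasswdlogin"),
    ("sufficient", "try-pin (smartcard)"),
    ("required", "nullok_secure (password)"),
]


def run_stack(stack, outcomes):
    """Return (granted, lines_called).

    outcomes maps label -> True/False; unlisted labels are assumed to succeed.
    """
    called, required_failed = [], False
    for control, label in stack:
        called.append(label)
        ok = outcomes.get(label, True)
        if control == "requisite" and not ok:
            return False, called      # failure ends the stack at once
        if control == "required" and not ok:
            required_failed = True    # remembered, but the stack continues
        if control == "sufficient" and ok and not required_failed:
            return True, called       # success ends the stack at once
        # a failing "sufficient" line is ignored and the next line runs
    return not required_failed, called


if __name__ == "__main__":
    scenarios = {  # constructed outcomes; user is not in nopasswdlogin
        "smartcard line succeeds": {"ingroup nopasswdlogin": False},
        "smartcard line fails": {"ingroup nopasswdlogin": False,
                                 "try-pin (smartcard)": False},
    }
    for name, outcomes in scenarios.items():
        granted, called = run_stack(AUTH_STACK, outcomes)
        print(f"{name}: granted={granted}, last line reached={called[-1]}")
```

In this model the password line is reached only when the smartcard line returns failure, so a PIN prompt followed by a password prompt corresponds to the second scenario.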

