PAM/Poldi and GPG/scdaemon interactions

Olivier Mehani shtrom at ssji.net
Fri Aug 21 01:41:20 CEST 2015


Hi all,

I'm using an OpenPGP smartcard, and am trying to use it to authenticate
to the system using Poldi. I seem to have a race condition between the
system's pam_poldi, and my user's gpg-agent/scdaemon processes.
Essentially, it seems I can either login, but not use the card for
GPG---I get this sort of error

	$ gpg --card-status
	gpg: OpenPGP card not available: Not supported

---or (after killing scdaemon and restarting pcscd), use the card through
gpg-agent, but no longer for system auth, with the following errors:

	$ sudo whatever
	scdaemon[29109]: apdu_send_simple(0) failed: unknown host status error
	scdaemon[29109]: apdu_send_simple(0) failed: unknown host status error
	scdaemon[29109]: apdu_send_simple(0) failed: unknown host status error
	scdaemon[29109]: apdu_send_simple(0) failed: unknown host status error
	scdaemon[29109]: apdu_send_simple(0) failed: unknown host status error
	scdaemon[29109]: apdu_send_simple(0) failed: unknown host status error
	scdaemon[29109]: apdu_send_simple(0) failed: unknown host status error
	scdaemon[29109]: apdu_send_simple(0) failed: unknown host status error
	scdaemon[29109]: apdu_send_simple(0) failed: unknown host status error
	scdaemon[29109]: no supported card application found: General error
	Waiting for card for user `USER'...
	scdaemon[29109]: updating reader 0 (0) status: 0x0000->0x0007 (0->1)
	scdaemon[29109]: apdu_send_simple(0) failed: unknown host status error
	scdaemon[29109]: apdu_send_simple(0) failed: unknown host status error
	scdaemon[29109]: apdu_send_simple(0) failed: unknown host status error
	scdaemon[29109]: apdu_send_simple(0) failed: unknown host status error
	scdaemon[29109]: apdu_send_simple(0) failed: unknown host status error
	scdaemon[29109]: apdu_send_simple(0) failed: unknown host status error
	scdaemon[29109]: apdu_send_simple(0) failed: unknown host status error
	scdaemon[29109]: apdu_send_simple(0) failed: unknown host status error
	scdaemon[29109]: apdu_send_simple(0) failed: unknown host status error
	scdaemon[29109]: no supported card application found: General error
	scdaemon[29109]: scdaemon (GnuPG) 2.1.7 stopped


What is the proper way to set this up? Should scdaemon be started by the
system explicitly (poldi.conf has the right path set up to the scdaemon
binary already)? Or should I tell the gpg-agent to use the existing
scdaemon, if any? If so, how?

Thanks!

-- 
Olivier Mehani <shtrom at ssji.net>
PGP fingerprint: 4435 CF6A 7C8D DD9B E2DE  F5F9 F012 A6E2 98C6 6655
Confidentiality cannot be guaranteed on emails sent or received unencrypted.



