Comment 17 for bug 1971984

Seth Tanner (sjtanner) wrote : Re: pcscd 1.9.5-3 do not start automatically, only manual

Ludovic,
Please find the output you requested below.

systemctl status pcscd.socket
● pcscd.socket - PC/SC Smart Card Daemon Activation Socket
     Loaded: loaded (/lib/systemd/system/pcscd.socket; enabled; vendor preset: enabled)
     Active: active (running) since Thu 2022-09-15 10:58:12 PDT; 1min 26s ago
   Triggers: ● pcscd.service
     Listen: /run/pcscd/pcscd.comm (Stream)
     CGroup: /system.slice/pcscd.socket

systemctl status pcscd.service
● pcscd.service - PC/SC Smart Card Daemon
     Loaded: loaded (/lib/systemd/system/pcscd.service; indirect; vendor preset: enabled)
     Active: active (running) since Thu 2022-09-15 10:58:16 PDT; 1min 31s ago
TriggeredBy: ● pcscd.socket
       Docs: man:pcscd(8)
   Main PID: 2544 (pcscd)
      Tasks: 7 (limit: 38174)
     Memory: 1.5M
        CPU: 73ms
     CGroup: /system.slice/pcscd.service
             └─2544 /usr/sbin/pcscd --foreground --auto-exit

Let me provide additional information on the behavior that we are seeing.
If we use
sudo systemctl enable pcscd.socket

then we must issue either
sudo systemctl restart pcscd.socket
sudo systemctl stop pcscd.socket; sudo systemctl start pcscd.socket

almost every time we want to use smartcard authentication at the GNOME login screen.

We have observed this behavior after the following events:
reboot
lock screen (seems to respond better to a stop and start of the socket rather than a restart, e.g. we can get multiple locks where we are able to log back in, if we stop and start the socket, whereas a restart just lets us get logged back in once)
log out

Output from /var/log/auth.log:
Sep 15 11:29:10 test-jammy gdm-password]: pam_sss(gdm-password:auth): received for user test.user: 7 (Authentication failure)
Sep 15 11:29:10 test-jammy gdm-password]: pam_pkcs11(gdm-password:auth): no suitable token available
Sep 15 11:29:10 test-jammy gdm-password]: pam_sss(gdm-password:auth): authentication failure; logname= uid=0 euid=0 tty=/dev/tty1 ruser= rhost= user=test.user
Sep 15 11:29:10 test-jammy gdm-password]: pam_sss(gdm-password:auth): received for user test.user: 7 (Authentication failure)
Sep 15 11:29:19 test-jammy gdm-smartcard]: pam_sss(gdm-smartcard:auth): User info message: Please insert smart card

Command-line tools, on the other hand, seem to work as expected once the socket has been enabled; no additional socket restarts are needed:
opensc-tool --list-readers
pkcs11-tool --list-token-slots
pkcs11_listcerts debug