Let me provide additional information on the behavior that we are seeing
If we use
sudo systemctl enable pcscd.socket
then we must issue either
sudo systemctl restart pcscd.socket
sudo systemctl stop pcscd.socket; sudo systemctl start pcscd.socket
almost every time we want to use smartcard authentication at gnome login screen
We have observed this behavior after the following events:
reboot
lock screen (seems to respond better to a stop and start of the socket rather than a restart, e.g. we can get multiple locks where we are able to log back in, if we stop and start the socket, whereas a restart just lets us get logged back in once)
log out
output from /var/log/auth.log
Sep 15 11:29:10 test-jammy gdm-password]: pam_sss(gdm-password:auth): received for user test.user: 7 (Authentication failure)
Sep 15 11:29:10 test-jammy gdm-password]: pam_pkcs11(gdm-password:auth): no suitable token available
Sep 15 11:29:10 test-jammy gdm-password]: pam_sss(gdm-password:auth): authentication failure; logname= uid=0 euid=0 tty=/dev/tty1 ruser= rhost= user=test.user
Sep 15 11:29:10 test-jammy gdm-password]: pam_sss(gdm-password:auth): received for user test.user: 7 (Authentication failure)
Sep 15 11:29:19 test-jammy gdm-smartcard]: pam_sss(gdm-smartcard:auth): User info message: Please insert smart card
Commandline tools on the other hand seem to work as expected once the socket has been enabled, no additional socket restarts are needed
opensc-tool --list-readers
pkcs11-tool --list-token-slots
pkcs11_listcerts debug
Ludovic,
Please find the output you requested below.
systemctl status pcscd.socket system/ pcscd.socket; enabled; vendor preset: enabled) pcscd.comm (Stream) slice/pcscd. socket
● pcscd.socket - PC/SC Smart Card Daemon Activation Socket
Loaded: loaded (/lib/systemd/
Active: active (running) since Thu 2022-09-15 10:58:12 PDT; 1min 26s ago
Triggers: ● pcscd.service
Listen: /run/pcscd/
CGroup: /system.
systemctl status pcscd.service system/ pcscd.service; indirect; vendor preset: enabled) slice/pcscd. service
● pcscd.service - PC/SC Smart Card Daemon
Loaded: loaded (/lib/systemd/
Active: active (running) since Thu 2022-09-15 10:58:16 PDT; 1min 31s ago
TriggeredBy: ● pcscd.socket
Docs: man:pcscd(8)
Main PID: 2544 (pcscd)
Tasks: 7 (limit: 38174)
Memory: 1.5M
CPU: 73ms
CGroup: /system.
└─2544 /usr/sbin/pcscd --foreground --auto-exit
Let me provide additional information on the behavior that we are seeing
If we use
sudo systemctl enable pcscd.socket
then we must issue either
sudo systemctl restart pcscd.socket
sudo systemctl stop pcscd.socket; sudo systemctl start pcscd.socket
almost every time we want to use smartcard authentication at gnome login screen
We have observed this behavior after the following events:
reboot
lock screen (seems to respond better to a stop and start of the socket rather than a restart, e.g. we can get multiple locks where we are able to log back in, if we stop and start the socket, whereas a restart just lets us get logged back in once)
log out
output from /var/log/auth.log gdm-password: auth): received for user test.user: 7 (Authentication failure) gdm-password: auth): no suitable token available gdm-password: auth): authentication failure; logname= uid=0 euid=0 tty=/dev/tty1 ruser= rhost= user=test.user gdm-password: auth): received for user test.user: 7 (Authentication failure) gdm-smartcard: auth): User info message: Please insert smart card
Sep 15 11:29:10 test-jammy gdm-password]: pam_sss(
Sep 15 11:29:10 test-jammy gdm-password]: pam_pkcs11(
Sep 15 11:29:10 test-jammy gdm-password]: pam_sss(
Sep 15 11:29:10 test-jammy gdm-password]: pam_sss(
Sep 15 11:29:19 test-jammy gdm-smartcard]: pam_sss(
Commandline tools on the other hand seem to work as expected once the socket has been enabled, no additional socket restarts are needed
opensc-tool --list-readers
pkcs11-tool --list-token-slots
pkcs11_listcerts debug