Does anyone know why pam_pkcs11 is missing in the Fedora 25 repos? Systems upgraded from 24 still have the 24 version and it appears to work (at least as well as it did in 24). Newly install 25 systems don't appear to be able to install it.
I don't see anything in the release notes or common bugs about this and /etc/pam.d/smartcard-auth still refers to it.
Thanks,
Jim
On 11/30/2016 05:09 PM, Jim Simmons wrote:
Does anyone know why pam_pkcs11 is missing in the Fedora 25 repos? Systems upgraded from 24 still have the 24 version and it appears to work (at least as well as it did in 24). Newly install 25 systems don't appear to be able to install it.
It was retired last month.
https://admin.fedoraproject.org/pkgdb/package/rpms/pam_pkcs11/
I don't see anything in the release notes or common bugs about this and /etc/pam.d/smartcard-auth still refers to it.
You could file a bug against the authconfig package asking to update the defaults.
On Thu, Dec 01, 2016 at 09:43:17AM -0600, Michael Cronenworth wrote:
On 11/30/2016 05:09 PM, Jim Simmons wrote:
Does anyone know why pam_pkcs11 is missing in the Fedora 25 repos? Systems upgraded from 24 still have the 24 version and it appears to work (at least as well as it did in 24). Newly install 25 systems don't appear to be able to install it.
It was retired last month.
https://admin.fedoraproject.org/pkgdb/package/rpms/pam_pkcs11/
I don't see anything in the release notes or common bugs about this and /etc/pam.d/smartcard-auth still refers to it.
You could file a bug against the authconfig package asking to update the defaults.
So does that mean SmartCard authentication is no longer possible in Fedora, or is there another method I'm missing? I know pam_pkcs11 isn't ideal, but if you're required to use smartcards I believe it is needed.
authconfig has configuration settings for SmartCard authentication but they're grayed out unless the pam_pkcs11 module is installed.
Jim
On 12/01/2016 10:08 AM, Jim Simmons wrote:
So does that mean SmartCard authentication is no longer possible in Fedora, or is there another method I'm missing? I know pam_pkcs11 isn't ideal, but if you're required to use smartcards I believe it is needed.
I don't use smart cards, but a quick search found that there was a change announced in Fedora 20 to use SSSD for smart card authentication. I would suggest trying to configure sssd for your usage.
https://fedoraproject.org/wiki/Changes/SSSD_Smart_Card_Support
authconfig has configuration settings for SmartCard authentication but they're grayed out unless the pam_pkcs11 module is installed.
A bug should definitely be opened to fix that to either remove it or configure it using sssd.