I am running the free versions on Windows 10 client and Ubuntu 22.04 LTS server, version 8.5.3 on both sides.
I was able to successfully forward my Yubikey 5 NFC, using devices => smart card readers:
% pkcs11-tool --module /usr/NX/lib/libpkcs11.so -L
Available slots:
Slot 0 (0x1): Yubico YubiKey OTP+FIDO+CCID 0
token label : PIV_II (PIV Card Holder pin)
token manufacturer : piv_II
token model : PKCS#15 emulated
token flags : login required, rng, token initialized, PIN initialized
hardware version : 0.0
firmware version : 0.0
serial num : abcdefghijkl
pin min/max : 4/8
However if I do the same as root, the same fails:
# pkcs11-tool --module /usr/NX/lib/libpkcs11.so -L
Main C_Initialize(NULL) rv:CKR_FUNCTION_FAILED
error: PKCS11 function C_Initialize failed: rv = CKR_FUNCTION_FAILED (0x6)
Aborting.
This is an issue when trying to use the smart card with the standard pam_pkcs11 module for authentication, as the module runs as root in the pam architecture, and cannot see the card. I could find no way to force start the pam module with a non-root uid either.
I do not want to forward the card as a USB device, as it makes it unavailable on the client.