- This topic has 1 reply, 2 voices, and was last updated 1 year, 5 months ago by
.
-
Posts
-
I am running the free versions on Windows 10 client and Ubuntu 22.04 LTS server, version 8.5.3 on both sides.
I was able to successfully forward my Yubikey 5 NFC, using devices => smart card readers:
% pkcs11-tool --module /usr/NX/lib/libpkcs11.so -L Available slots: Slot 0 (0x1): Yubico YubiKey OTP+FIDO+CCID 0 token label : PIV_II (PIV Card Holder pin) token manufacturer : piv_II token model : PKCS#15 emulated token flags : login required, rng, token initialized, PIN initialized hardware version : 0.0 firmware version : 0.0 serial num : abcdefghijkl pin min/max : 4/8However if I do the same as root, the same fails:
# pkcs11-tool --module /usr/NX/lib/libpkcs11.so -L Main C_Initialize(NULL) rv:CKR_FUNCTION_FAILED error: PKCS11 function C_Initialize failed: rv = CKR_FUNCTION_FAILED (0x6) Aborting.This is an issue when trying to use the smart card with the standard pam_pkcs11 module for authentication, as the module runs as root in the pam architecture, and cannot see the card. I could find no way to force start the pam module with a non-root uid either.
I do not want to forward the card as a USB device, as it makes it unavailable on the client.
Hello
The smart device is accessible by the user who forwarded it. Sharing the smart card among users is not supported (but planned) because personal information for smart card sharing are stored in the user’s home on server side, which is not accessible to a different user even if that other user is root.
Thanks
This topic was marked as solved, you can't post.