Error 2336: No matching certificate found on Lock Screen

Just updated to the August 22 build and it’s giving this error on the lock screen that says Error 2336: No matching certificate found. What does the mean?

I just rolled back to August 20 and I have the same issue. Gonna roll back to August 22 build.

Apart from that error, do you experience “related” problems?

Does the journal give more hints on which component is emitting this error?

I don’t notice it at the moment.

No idea

Aug 24 01:20:52 THONKYMECH.lan flatpak[3480]: {"name":"log","hostname":"THONKYMECH.lan","pid":2,"level":30,"msg":"handleSeenMessages: 0 out of 0 a>
Aug 24 01:20:54 THONKYMECH.lan touchegg[3345]: Error connecting to Touchégg daemon: Could not connect: Connection refused
Aug 24 01:20:54 THONKYMECH.lan touchegg[3345]: Reconnecting in 5 seconds...
Aug 24 01:20:58 THONKYMECH.lan flatpak[3480]: {"name":"log","hostname":"THONKYMECH.lan","pid":2,"level":30,"msg":"[updater] about to fetchReleaseF>
Aug 24 01:20:58 THONKYMECH.lan flatpak[3480]: {"name":"log","hostname":"THONKYMECH.lan","pid":2,"level":30,"msg":"[updater] fetched release from f>
Aug 24 01:20:58 THONKYMECH.lan flatpak[3480]: {"name":"log","hostname":"THONKYMECH.lan","pid":2,"level":30,"msg":"about to pollNodeForKey of (...2>
Aug 24 01:20:59 THONKYMECH.lan flatpak[3480]: {"name":"log","hostname":"THONKYMECH.lan","pid":2,"level":30,"msg":"updating last hashes for (...20b>
Aug 24 01:20:59 THONKYMECH.lan flatpak[3480]: {"name":"log","hostname":"THONKYMECH.lan","pid":2,"level":30,"msg":"pollNodeForKey of (...20b8df33) >
Aug 24 01:20:59 THONKYMECH.lan flatpak[3480]: {"name":"log","hostname":"THONKYMECH.lan","pid":2,"level":30,"msg":"received userConfigMessages coun>
Aug 24 01:20:59 THONKYMECH.lan flatpak[3480]: {"name":"log","hostname":"THONKYMECH.lan","pid":2,"level":30,"msg":"handleSeenMessages: 0 out of 0 a>
Aug 24 01:20:59 THONKYMECH.lan touchegg[3345]: Error connecting to Touchégg daemon: Could not connect: Connection refused
Aug 24 01:20:59 THONKYMECH.lan touchegg[3345]: Reconnecting in 5 seconds...
Aug 24 01:21:04 THONKYMECH.lan touchegg[3345]: Error connecting to Touchégg daemon: Could not connect: Connection refused
Aug 24 01:21:04 THONKYMECH.lan touchegg[3345]: Reconnecting in 5 seconds...
Aug 24 01:21:04 THONKYMECH.lan flatpak[3480]: {"name":"log","hostname":"THONKYMECH.lan","pid":2,"level":30,"msg":"about to pollNodeForKey of (...2>
Aug 24 01:21:05 THONKYMECH.lan flatpak[3480]: {"name":"log","hostname":"THONKYMECH.lan","pid":2,"level":30,"msg":"updating last hashes for (...20b>
Aug 24 01:21:05 THONKYMECH.lan flatpak[3480]: {"name":"log","hostname":"THONKYMECH.lan","pid":2,"level":30,"msg":"pollNodeForKey of (...20b8df33) >
Aug 24 01:21:05 THONKYMECH.lan flatpak[3480]: {"name":"log","hostname":"THONKYMECH.lan","pid":2,"level":30,"msg":"received userConfigMessages coun>
Aug 24 01:21:05 THONKYMECH.lan flatpak[3480]: {"name":"log","hostname":"THONKYMECH.lan","pid":2,"level":30,"msg":"handleSeenMessages: 0 out of 0 a>
Aug 24 01:21:07 THONKYMECH.lan kscreenlocker_greet[36502]: kf.svg: The theme "Sweet" uses the legacy metadata.desktop. Consider contacting the aut>
Aug 24 01:21:07 THONKYMECH.lan kscreenlocker_greet[36502]: kf.svg: The theme "Sweet" uses the legacy metadata.desktop. Consider contacting the aut>
Aug 24 01:21:07 THONKYMECH.lan kscreenlocker_greet[36502]: kf.plasma.core: The theme "Sweet" uses the legacy metadata.desktop. Consider contacting>
Aug 24 01:21:07 THONKYMECH.lan kscreenlocker_greet[36502]: kf.plasma.core: The theme "Sweet" uses the legacy metadata.desktop. Consider contacting>
Aug 24 01:21:08 THONKYMECH.lan kscreenlocker_greet[36502]: kf.svg: The theme "Sweet" uses the legacy metadata.desktop. Consider contacting the aut>
Aug 24 01:21:08 THONKYMECH.lan kscreenlocker_greet[36502]: pam_kwallet5(kde:auth): pam_kwallet5: pam_sm_authenticate
Aug 24 01:21:08 THONKYMECH.lan kscreenlocker_greet[36502]: pam_kwallet5(kde:auth): pam_kwallet5: we were already executed
Aug 24 01:21:08 THONKYMECH.lan kscreenlocker_greet[36502]: no valid certificate which meets all requirements found
Aug 24 01:21:08 THONKYMECH.lan kscreenlocker_greet[36502]: pam_pkcs11(kde-smartcard:auth): no valid certificate which meets all requirements found
Aug 24 01:21:08 THONKYMECH.lan kscreenlocker_greet[36502]: pam_kwallet5(kde-smartcard:auth): pam_kwallet5: pam_sm_authenticate
Aug 24 01:21:08 THONKYMECH.lan kscreenlocker_greet[36502]: pam_kwallet5(kde-smartcard:auth): pam_kwallet5: we were already executed
Aug 24 01:21:09 THONKYMECH.lan touchegg[3345]: Error connecting to Touchégg daemon: Could not connect: Connection refused
Aug 24 01:21:09 THONKYMECH.lan touchegg[3345]: Reconnecting in 5 seconds...
Aug 24 01:21:10 THONKYMECH.lan flatpak[3480]: {"name":"log","hostname":"THONKYMECH.lan","pid":2,"level":30,"msg":"about to pollNodeForKey of (...2>
Aug 24 01:21:11 THONKYMECH.lan flatpak[3480]: {"name":"log","hostname":"THONKYMECH.lan","pid":2,"level":30,"msg":"updating last hashes for (...20b>
Aug 24 01:21:11 THONKYMECH.lan flatpak[3480]: {"name":"log","hostname":"THONKYMECH.lan","pid":2,"level":30,"msg":"pollNodeForKey of (...20b8df33) >
Aug 24 01:21:11 THONKYMECH.lan flatpak[3480]: {"name":"log","hostname":"THONKYMECH.lan","pid":2,"level":30,"msg":"received userConfigMessages coun>
Aug 24 01:21:11 THONKYMECH.lan flatpak[3480]: {"name":"log","hostname":"THONKYMECH.lan","pid":2,"level":30,"msg":"handleSeenMessages: 0 out of 0 a>
Aug 24 01:21:11 THONKYMECH.lan kscreenlocker_greet[36502]: pam_kwallet5(kde:setcred): pam_kwallet5: pam_sm_setcred
Aug 24 01:21:11 THONKYMECH.lan kwin_x11[2669]: kwin_core: XCB error: 152 (BadDamage), sequence: 63083, resource id: 12755810, major code: 143 (DAM>
Aug 24 01:21:11 THONKYMECH.lan kwin_x11[2669]: kwin_core: XCB error: 3 (BadWindow), sequence: 63084, resource id: 72351778, major code: 129 (SHAPE

The problem seems to be related to your touchegg package. Are you using it, if so you did you install it?

The “Sweet theme” is not supported anymore it looks to me, that could also trigger this error.

Yeah i opened a thread before saying that i couldn’t get touchegg to work and i ignored it for a while. It used to work when I was using Debian.

Huh interesting. must I get rid of it?

Oh yeah, also I keep getting invalid package errors in Discover. Idk if it has anything to do with “Sweet theme”.

I just ran plasmashell --replace and this is what I see.

t: Session management error: Authentication Rejected, reason : MIT-MAGIC-COOKIE-1 authentication rejected
kf.svg: The theme "Sweet" uses the legacy metadata.desktop. Consider contacting the author and asking them update it to use the newer JSON format.
kf.svg: The theme "Sweet" uses the legacy metadata.desktop. Consider contacting the author and asking them update it to use the newer JSON format.
kf.plasma.core: The theme "Sweet" uses the legacy metadata.desktop. Consider contacting the author and asking them update it to use the newer JSON format.
kf.plasma.core: The theme "Sweet" uses the legacy metadata.desktop. Consider contacting the author and asking them update it to use the newer JSON format.

I removed touchegg and this is what I see.

Aug 24 01:49:05 THONKYMECH.lan flatpak[2911]:  "x"              : 310,
Aug 24 01:49:05 THONKYMECH.lan flatpak[2911]:  "y"              : 176,
Aug 24 01:49:05 THONKYMECH.lan flatpak[2911]:  "active"         : false,
Aug 24 01:49:05 THONKYMECH.lan flatpak[2911]:  "focus"          : false,
Aug 24 01:49:05 THONKYMECH.lan flatpak[2911]:  "locationSet"    : true,
Aug 24 01:49:05 THONKYMECH.lan flatpak[2911]:  "silentShutdown" : false,
Aug 24 01:49:05 THONKYMECH.lan flatpak[2911]:  "visible"        : false
Aug 24 01:49:05 THONKYMECH.lan flatpak[2911]: }
Aug 24 01:49:07 THONKYMECH.lan flatpak[2932]: {"name":"log","hostname":"THONKYMECH.lan","pid":2,"level":30,"msg":"about to pollNodeForKey of (...2>
Aug 24 01:49:08 THONKYMECH.lan flatpak[2932]: {"name":"log","hostname":"THONKYMECH.lan","pid":2,"level":30,"msg":"updating last hashes for (...20b>
Aug 24 01:49:08 THONKYMECH.lan flatpak[2932]: {"name":"log","hostname":"THONKYMECH.lan","pid":2,"level":30,"msg":"pollNodeForKey of (...20b8df33) >
Aug 24 01:49:08 THONKYMECH.lan flatpak[2932]: {"name":"log","hostname":"THONKYMECH.lan","pid":2,"level":30,"msg":"received userConfigMessages coun>
Aug 24 01:49:08 THONKYMECH.lan flatpak[2932]: {"name":"log","hostname":"THONKYMECH.lan","pid":2,"level":30,"msg":"handleSeenMessages: 0 out of 0 a>
Aug 24 01:49:09 THONKYMECH.lan flatpak[2932]: {"name":"log","hostname":"THONKYMECH.lan","pid":2,"level":30,"msg":"close event {\"readyForShutdown\>
Aug 24 01:49:12 THONKYMECH.lan kscreenlocker_greet[4427]: kf.svg: The theme "Sweet" uses the legacy metadata.desktop. Consider contacting the auth>
Aug 24 01:49:12 THONKYMECH.lan kscreenlocker_greet[4427]: kf.svg: The theme "Sweet" uses the legacy metadata.desktop. Consider contacting the auth>
Aug 24 01:49:12 THONKYMECH.lan kscreenlocker_greet[4427]: kf.plasma.core: The theme "Sweet" uses the legacy metadata.desktop. Consider contacting >
Aug 24 01:49:12 THONKYMECH.lan kscreenlocker_greet[4427]: kf.plasma.core: The theme "Sweet" uses the legacy metadata.desktop. Consider contacting >
Aug 24 01:49:12 THONKYMECH.lan kscreenlocker_greet[4427]: kf.svg: The theme "Sweet" uses the legacy metadata.desktop. Consider contacting the auth>
Aug 24 01:49:13 THONKYMECH.lan kscreenlocker_greet[4427]: pam_kwallet5(kde:auth): pam_kwallet5: pam_sm_authenticate
Aug 24 01:49:13 THONKYMECH.lan kscreenlocker_greet[4427]: pam_kwallet5(kde:auth): pam_kwallet5: we were already executed
Aug 24 01:49:13 THONKYMECH.lan kscreenlocker_greet[4427]: no valid certificate which meets all requirements found
Aug 24 01:49:13 THONKYMECH.lan kscreenlocker_greet[4427]: pam_pkcs11(kde-smartcard:auth): no valid certificate which meets all requirements found
Aug 24 01:49:13 THONKYMECH.lan kscreenlocker_greet[4427]: pam_kwallet5(kde-smartcard:auth): pam_kwallet5: pam_sm_authenticate
Aug 24 01:49:13 THONKYMECH.lan kscreenlocker_greet[4427]: pam_kwallet5(kde-smartcard:auth): pam_kwallet5: we were already executed
Aug 24 01:49:13 THONKYMECH.lan flatpak[2932]: {"name":"log","hostname":"THONKYMECH.lan","pid":2,"level":30,"msg":"about to pollNodeForKey of (...2>
Aug 24 01:49:15 THONKYMECH.lan flatpak[2932]: {"name":"log","hostname":"THONKYMECH.lan","pid":2,"level":30,"msg":"updating last hashes for (...20b>
Aug 24 01:49:15 THONKYMECH.lan flatpak[2932]: {"name":"log","hostname":"THONKYMECH.lan","pid":2,"level":30,"msg":"pollNodeForKey of (...20b8df33) >
Aug 24 01:49:15 THONKYMECH.lan flatpak[2932]: {"name":"log","hostname":"THONKYMECH.lan","pid":2,"level":30,"msg":"received userConfigMessages coun>
Aug 24 01:49:15 THONKYMECH.lan flatpak[2932]: {"name":"log","hostname":"THONKYMECH.lan","pid":2,"level":30,"msg":"handleSeenMessages: 0 out of 0 a>
Aug 24 01:49:16 THONKYMECH.lan kscreenlocker_greet[4427]: pam_kwallet5(kde:setcred): pam_kwallet5: pam_sm_setcred

I am currently using the Sweet Theme so I can’t remove it.

Okay, it was not the touchegg package.

I you want to keep using the Sweet theme, better follow and the journal is saying, consider contacting …

The error message comes from a smartcard authenticator.

1 Like

So you’re saying that this causes the Error 2336?

The error is thrown by pam_pkcs11

pam_pkcs11 - PKCS #11 PAM Module
This Linux PAM module allows X.509 a certificate-based user authentication. The certificate and its dedicated private key are thereby accessed by means of an appropriate PKCS #11 module. For the verification of the users’ certificates, locally stored CA certificates as well as online or locally accessible CRLs are used.
Additionally, the package includes pam_pkcs11-related tools:

  • pkcs11_eventmgr: Generates actions on card insert, removal, or
    time-out events
  • pklogin_finder: Gets the login name that maps to a certificate
  • pkcs11_inspect: Inspects the contents of a certificate
  • make_hash_links: Creates hash link directories for storing CAs and
    CRLs

pam_p11 - PAM Authentication Module for Using Cryptographic Tokens
Pam_p11 is a pluggable authentication module (pam) package for using cryptographic tokens, such as smart cards and usb crypto tokens, for authentication.
Pam_p11 has limited functionality since it simply compares public keys to sign some random data and verifies the signature with the public key. This works fine for small installations but may have security implications, see README.SUSE.

1 Like

Okay. Funny that it showed up recently and it hasn’t before.

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.