pam_pkcs11: NSS_Initiate failed


I would like login with smartcard to my notebook.

I started configuration based on manual from Gooze.

Here is few lines of my pam_pkcs11.conf:

pam_pkcs11 {
nullok = true;
debug = true;
use_first_pass = false;
try_first_pass = false;
use_authtok = false;
use_pkcs11_module = opensc;

pkcs11_module opensc {
module = /usr/lib/;
description = “OpenSC PKCS#11 module”;
slot_description = “none”;
ca_dir = /etc/pam_pkcs11/cacerts;
crl_dir = /etc/pam_pkcs11/crls;
support_threads = false;
cert_policy = ca;
token_type = “Smart card”;

and when I check configuration “pkcs11_inspect” i get the following error:
pkcs11_inspect debug
DEBUG:pam_config.c:245: Using config file /etc/pam_pkcs11/pam_pkcs11.conf
DEBUG:pkcs11_lib.c:187: Initializing NSS …
DEBUG:pkcs11_lib.c:197: Initializing NSS … database=/etc/ssl/nssdb
DEBUG:pkcs11_lib.c:206: NSS_Initialize failed: security library: bad database.
DEBUG:pkcs11_inspect.c:64: crypto_init() failed:

I don’t understand, why I need nssdb for login. Required information are defined in their directories cacerts and crls.
It is not discuss in any manual (maybe I can’t googling ) .

Please, can somebody explain the idea?

Thanks Jan

Hello Jan,

I’m having the same problem, did you solve it?