Smart Card (CAC) logon

dwellen · August 26, 2016, 12:13am

I haven’t tried using a cac reader in OpenSuSE KDE but in the RedHat Rhel world it only works with GDM. If working correctly
there will be a process called gdm-smartcard running along with gdm-password.

Chris Woelkers:

The problem with the pcscd service is two fold. It is one of only a few middleware drivers for smart card readers, and the only one that is available for OpenSuSE.
The way it is installed, with systemd, is that it requires the pcscd.socket to listen for an application asking to use a smart card. Once that request comes in the service is started.
This works fine for Firefox and Chrome but seemed to be failing for login. So either the login manager had no idea to request a smart card or the socket wasn’t listening, I’m leaning more towards the first one.
By modifying the pcscd.service file to no longer require pcscd.socket and to be wanted by the graphical.target, the service automatically starts and stays running whenever X is started.
And yes I did keep a copy of the original pcscd.service file.

Now it’s up to the login manager and SDDM seems to be ignoring the available smart card. I have also tried changing
auth    sufficient    common-auth-smartcard
to
auth    sufficient    pam_pkcs11.so
to no effect.
I did try using KDM instead of SDDM but received the same results.

Something is missing or wrong in my config files or system but none of the how-tos that I have seen include something that I haven’t already tried.
I’m still hoping someone else using OpenSuSE, or SLE, has gotten this to work and can help me out.