No PIN asked for with libpam-poldi
Ingo Klöcker
kloecker at kde.org
Fri Nov 7 15:56:58 CET 2025
On Freitag, 7. November 2025 11:43:58 Mitteleuropäische Normalzeit Franck
Routier (Personnel) via Gnupg-users wrote:
> I'm trying to use my Yubikey with libpam-poldi to sudo on a Ubuntu based
> OS (Tuxedo OS).
[...]
> My .gnupg/scdaemon.conf file looks like this:
> disable-ccid
>
> My /etc/pam.d/sudo and /etc/pam.d/sudo-i have auth sufficient pam_poldi.so
>
> And finally .gnupg/gpg-agent.conf looks like:
> pinentry-program /usr/bin/pinentry-qt
> debug-lvel 3
Typo? In any case, avoid the weird debug-level setting. Use "debug ipc"
instead. Also set log-file so that the logs don't end up in some random place
(or nowhere).
> enable-ssh-support
> ttyname $GPG_TTY
> default-cache-ttl 60
> max-cache-ttl 120
>
>
> Nos, when I try to sudo, I am asked to insert my card, and asked for a
> password, but never for a PIN:
>
> $sudo su
> Insert authentication card for user `franck'
> Trying authentication as user `franck'...
> [sudo] password for franck:
Very likely gpg-agent fails to start pinentry-qt or pinentry-qt fails to start
because there's no window manager running. Try using pinentry-curses or
pinentry-tty instead of pinentry-qt if you are anyway using the terminal.
Regards,
Ingo
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 265 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20251107/b5b9f2c5/attachment.sig>
More information about the Gnupg-users
mailing list