No PIN asked for with libpam-poldi

Franck Routier (Personnel) alci at mecadu.org
Wed Nov 12 22:07:15 CET 2025 

I managed to get some logs from gpg-agent. No sure how to interpret this 
however. No obvious error I can spot (but I don't know what to look for):

2025-11-12 21:59:02 gpg-agent[15833] gpg-agent (GnuPG) 2.4.4 starting in 
supervised mode.
2025-11-12 21:59:02 gpg-agent[15833] using fd 3 for std socket 
(/run/user/1000/gnupg/S.gpg-agent)
2025-11-12 21:59:02 gpg-agent[15833] using fd 4 for extra socket 
(/run/user/1000/gnupg/S.gpg-agent.extra)
2025-11-12 21:59:02 gpg-agent[15833] using fd 5 for ssh socket 
(/run/user/1000/gnupg/S.gpg-agent.ssh)
2025-11-12 21:59:02 gpg-agent[15833] using fd 6 for browser socket 
(/run/user/1000/gnupg/S.gpg-agent.browser)
2025-11-12 21:59:02 gpg-agent[15833] listening on: std=3 extra=4 
browser=6 ssh=5
2025-11-12 21:59:02 gpg-agent[15833] DBG: chan_12 -> OK Pleased to meet 
you, process 15832
2025-11-12 21:59:02 gpg-agent[15833] DBG: chan_12 <- RESET
2025-11-12 21:59:02 gpg-agent[15833] DBG: chan_12 -> OK
2025-11-12 21:59:02 gpg-agent[15833] DBG: chan_12 <- OPTION 
ttyname=/dev/pts/4
2025-11-12 21:59:02 gpg-agent[15833] DBG: chan_12 -> OK
2025-11-12 21:59:02 gpg-agent[15833] DBG: chan_12 <- OPTION 
ttytype=xterm-256color
2025-11-12 21:59:02 gpg-agent[15833] DBG: chan_12 -> OK
2025-11-12 21:59:02 gpg-agent[15833] DBG: chan_12 <- OPTION display=:0
2025-11-12 21:59:02 gpg-agent[15833] DBG: chan_12 -> OK
2025-11-12 21:59:02 gpg-agent[15833] DBG: chan_12 <- OPTION 
xauthority=/run/user/1000/xauth_uyqgiW
2025-11-12 21:59:02 gpg-agent[15833] DBG: chan_12 -> OK
2025-11-12 21:59:02 gpg-agent[15833] DBG: chan_12 <- OPTION 
putenv=WAYLAND_DISPLAY=wayland-0
2025-11-12 21:59:02 gpg-agent[15833] DBG: chan_12 -> OK
2025-11-12 21:59:02 gpg-agent[15833] DBG: chan_12 <- OPTION 
putenv=XDG_SESSION_TYPE=wayland
2025-11-12 21:59:02 gpg-agent[15833] DBG: chan_12 -> OK
2025-11-12 21:59:02 gpg-agent[15833] DBG: chan_12 <- OPTION 
putenv=DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/1000/bus
2025-11-12 21:59:02 gpg-agent[15833] DBG: chan_12 -> OK
2025-11-12 21:59:02 gpg-agent[15833] DBG: chan_12 <- OPTION 
lc-ctype=fr_FR.UTF-8
2025-11-12 21:59:02 gpg-agent[15833] DBG: chan_12 -> OK
2025-11-12 21:59:02 gpg-agent[15833] DBG: chan_12 <- OPTION 
lc-messages=fr_FR.UTF-8
2025-11-12 21:59:02 gpg-agent[15833] DBG: chan_12 -> OK
2025-11-12 21:59:02 gpg-agent[15833] DBG: chan_12 <- [eof]
2025-11-12 21:59:54 gpg-agent[15833] DBG: chan_12 -> OK Pleased to meet 
you, process 15998
2025-11-12 21:59:54 gpg-agent[15833] DBG: chan_12 <- SCD GETINFO socket_name
2025-11-12 21:59:54 gpg-agent[15833] no running /usr/lib/gnupg/scdaemon 
daemon - starting it
2025-11-12 21:59:54 gpg-agent[15833] DBG: agent_flush_cache (pincache only)
2025-11-12 21:59:54 gpg-agent[15833] DBG: chan_13 <- OK GNU Privacy 
Guard's Smartcard server ready
2025-11-12 21:59:54 gpg-agent[15833] first connection to daemon 
/usr/lib/gnupg/scdaemon established
2025-11-12 21:59:54 gpg-agent[15833] DBG: chan_13 -> GETINFO socket_name
2025-11-12 21:59:54 gpg-agent[15833] DBG: chan_13 <- D 
/run/user/1000/gnupg/S.scdaemon
2025-11-12 21:59:54 gpg-agent[15833] DBG: chan_13 <- OK
2025-11-12 21:59:54 gpg-agent[15833] DBG: additional connections at 
'/run/user/1000/gnupg/S.scdaemon'
2025-11-12 21:59:54 gpg-agent[15833] DBG: chan_13 -> OPTION event-signal=12
2025-11-12 21:59:54 gpg-agent[15833] DBG: chan_13 <- OK
2025-11-12 21:59:54 gpg-agent[15833] DBG: chan_13 -> GETINFO socket_name
2025-11-12 21:59:54 gpg-agent[15833] DBG: chan_13 <- D 
/run/user/1000/gnupg/S.scdaemon
2025-11-12 21:59:54 gpg-agent[15833] DBG: chan_13 <- OK
2025-11-12 21:59:54 gpg-agent[15833] DBG: chan_12 -> D 
/run/user/1000/gnupg/S.scdaemon
2025-11-12 21:59:54 gpg-agent[15833] DBG: chan_12 -> OK
2025-11-12 21:59:54 gpg-agent[15833] DBG: chan_12 <- BYE
2025-11-12 21:59:54 gpg-agent[15833] DBG: chan_12 -> OK closing connection
2025-11-12 21:59:54 gpg-agent[15833] DBG: chan_13 -> RESTART
2025-11-12 21:59:54 gpg-agent[15833] DBG: chan_13 <- OK
2025-11-12 22:00:18 gpg-agent[15833] DBG: chan_12 -> OK Pleased to meet 
you, process 16050
2025-11-12 22:00:18 gpg-agent[15833] DBG: chan_12 <- RESET
2025-11-12 22:00:18 gpg-agent[15833] DBG: chan_12 -> OK
2025-11-12 22:00:18 gpg-agent[15833] DBG: chan_12 <- OPTION 
ttytype=xterm-256color
2025-11-12 22:00:18 gpg-agent[15833] DBG: chan_12 -> OK
2025-11-12 22:00:18 gpg-agent[15833] DBG: chan_12 <- OPTION display=:0
2025-11-12 22:00:18 gpg-agent[15833] DBG: chan_12 -> OK
2025-11-12 22:00:18 gpg-agent[15833] DBG: chan_12 <- OPTION 
xauthority=/run/user/1000/xauth_uyqgiW
2025-11-12 22:00:18 gpg-agent[15833] DBG: chan_12 -> OK
2025-11-12 22:00:18 gpg-agent[15833] DBG: chan_12 <- OPTION 
putenv=WAYLAND_DISPLAY=wayland-0
2025-11-12 22:00:18 gpg-agent[15833] DBG: chan_12 -> OK
2025-11-12 22:00:18 gpg-agent[15833] DBG: chan_12 <- OPTION 
putenv=XDG_SESSION_TYPE=wayland
2025-11-12 22:00:18 gpg-agent[15833] DBG: chan_12 -> OK
2025-11-12 22:00:18 gpg-agent[15833] DBG: chan_12 <- OPTION 
putenv=DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/1000/bus
2025-11-12 22:00:18 gpg-agent[15833] DBG: chan_12 -> OK
2025-11-12 22:00:18 gpg-agent[15833] DBG: chan_12 <- KILLAGENT
2025-11-12 22:00:18 gpg-agent[15833] DBG: chan_12 -> OK closing connection
2025-11-12 22:00:18 gpg-agent[15833] random usage: poolsize=600 mixed=0 
polls=0/0 added=0/0
               outmix=0 getlvl1=0/0 getlvl2=0/0
2025-11-12 22:00:18 gpg-agent[15833] rndjent stat: 
collector=0x0000000000000000 calls=0 bytes=0
2025-11-12 22:00:18 gpg-agent[15833] secmem usage: 0/65536 bytes in 0 blocks
2025-11-12 22:00:22 gpg-agent[16056] gpg-agent (GnuPG) 2.4.4 starting in 
supervised mode.
2025-11-12 22:00:22 gpg-agent[16056] using fd 3 for std socket 
(/run/user/1000/gnupg/S.gpg-agent)
2025-11-12 22:00:22 gpg-agent[16056] using fd 4 for extra socket 
(/run/user/1000/gnupg/S.gpg-agent.extra)
2025-11-12 22:00:22 gpg-agent[16056] using fd 5 for ssh socket 
(/run/user/1000/gnupg/S.gpg-agent.ssh)
2025-11-12 22:00:22 gpg-agent[16056] using fd 6 for browser socket 
(/run/user/1000/gnupg/S.gpg-agent.browser)
2025-11-12 22:00:22 gpg-agent[16056] listening on: std=3 extra=4 
browser=6 ssh=5
2025-11-12 22:00:22 gpg-agent[16056] DBG: chan_12 -> OK Pleased to meet 
you, process 16055
2025-11-12 22:00:22 gpg-agent[16056] DBG: chan_12 <- RESET
2025-11-12 22:00:22 gpg-agent[16056] DBG: chan_12 -> OK
2025-11-12 22:00:22 gpg-agent[16056] DBG: chan_12 <- OPTION 
ttyname=/dev/pts/4
2025-11-12 22:00:22 gpg-agent[16056] DBG: chan_12 -> OK
2025-11-12 22:00:22 gpg-agent[16056] DBG: chan_12 <- OPTION 
ttytype=xterm-256color
2025-11-12 22:00:22 gpg-agent[16056] DBG: chan_12 -> OK
2025-11-12 22:00:22 gpg-agent[16056] DBG: chan_12 <- OPTION display=:0
2025-11-12 22:00:22 gpg-agent[16056] DBG: chan_12 -> OK
2025-11-12 22:00:22 gpg-agent[16056] DBG: chan_12 <- OPTION 
xauthority=/run/user/1000/xauth_uyqgiW
2025-11-12 22:00:22 gpg-agent[16056] DBG: chan_12 -> OK
2025-11-12 22:00:22 gpg-agent[16056] DBG: chan_12 <- OPTION 
putenv=WAYLAND_DISPLAY=wayland-0
2025-11-12 22:00:22 gpg-agent[16056] DBG: chan_12 -> OK
2025-11-12 22:00:22 gpg-agent[16056] DBG: chan_12 <- OPTION 
putenv=XDG_SESSION_TYPE=wayland
2025-11-12 22:00:22 gpg-agent[16056] DBG: chan_12 -> OK
2025-11-12 22:00:22 gpg-agent[16056] DBG: chan_12 <- OPTION 
putenv=DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/1000/bus
2025-11-12 22:00:22 gpg-agent[16056] DBG: chan_12 -> OK
2025-11-12 22:00:22 gpg-agent[16056] DBG: chan_12 <- OPTION 
lc-ctype=fr_FR.UTF-8
2025-11-12 22:00:22 gpg-agent[16056] DBG: chan_12 -> OK
2025-11-12 22:00:22 gpg-agent[16056] DBG: chan_12 <- OPTION 
lc-messages=fr_FR.UTF-8
2025-11-12 22:00:22 gpg-agent[16056] DBG: chan_12 -> OK
2025-11-12 22:00:22 gpg-agent[16056] DBG: chan_12 <- [eof]
2025-11-12 22:00:31 gpg-agent[16056] DBG: chan_12 -> OK Pleased to meet 
you, process 16072
2025-11-12 22:00:31 gpg-agent[16056] DBG: chan_12 <- SCD GETINFO socket_name
2025-11-12 22:00:31 gpg-agent[16056] no running /usr/lib/gnupg/scdaemon 
daemon - starting it
2025-11-12 22:00:31 gpg-agent[16056] DBG: agent_flush_cache (pincache only)
2025-11-12 22:00:31 gpg-agent[16056] DBG: chan_13 <- OK GNU Privacy 
Guard's Smartcard server ready
2025-11-12 22:00:31 gpg-agent[16056] first connection to daemon 
/usr/lib/gnupg/scdaemon established
2025-11-12 22:00:31 gpg-agent[16056] DBG: chan_13 -> GETINFO socket_name
2025-11-12 22:00:31 gpg-agent[16056] DBG: chan_13 <- D 
/run/user/1000/gnupg/S.scdaemon
2025-11-12 22:00:31 gpg-agent[16056] DBG: chan_13 <- OK
2025-11-12 22:00:31 gpg-agent[16056] DBG: additional connections at 
'/run/user/1000/gnupg/S.scdaemon'
2025-11-12 22:00:31 gpg-agent[16056] DBG: chan_13 -> OPTION event-signal=12
2025-11-12 22:00:31 gpg-agent[16056] DBG: chan_13 <- OK
2025-11-12 22:00:31 gpg-agent[16056] DBG: chan_13 -> GETINFO socket_name
2025-11-12 22:00:31 gpg-agent[16056] DBG: chan_13 <- D 
/run/user/1000/gnupg/S.scdaemon
2025-11-12 22:00:31 gpg-agent[16056] DBG: chan_13 <- OK
2025-11-12 22:00:31 gpg-agent[16056] DBG: chan_12 -> D 
/run/user/1000/gnupg/S.scdaemon
2025-11-12 22:00:31 gpg-agent[16056] DBG: chan_12 -> OK
2025-11-12 22:00:31 gpg-agent[16056] DBG: chan_12 <- BYE
2025-11-12 22:00:31 gpg-agent[16056] DBG: chan_12 -> OK closing connection
2025-11-12 22:00:31 gpg-agent[16056] DBG: chan_13 -> RESTART
2025-11-12 22:00:31 gpg-agent[16056] DBG: chan_13 <- OK

Trying to sudo at 22:00:31
Before is just normal gpg-agent start (?).

Any idea ?

Regards,
Franck

Le 07/11/2025 à 18:36, Franck Routier (Personnel) via Gnupg-users a écrit :
>> Typo? In any case, avoid the weird debug-level setting. Use "debug ipc"
>> instead. Also set log-file so that the logs don't end up in some random place
>> (or nowhere).
> Yes typo. I removed it alltogether for now:
>
> pinentry-program /usr/bin/pinentry-qt
> enable-ssh-support
> ttyname $GPG_TTY
> default-cache-ttl 60
> max-cache-ttl 120
>
>> Very likely gpg-agent fails to start pinentry-qt or pinentry-qt fails to start
>> because there's no window manager running. Try using pinentry-curses or
>> pinentry-tty instead of pinentry-qt if you are anyway using the terminal.
> In fact gpg-agent seems to be able to call pinentry-qt, as when I use 
> pass or browserpass, it works and I get a pretty pinentry window...
>
> That said, switching to pinentry-tty does not solve the problem with pam.
> In fact I can see pinentry-tty working with pass and failing with sudo 
> in the same terminal session:
>
> $ pass perso/ameli.fr
> Please unlock the card
> Number: 10 955 601
> Holder: Franck Routier
> PIN:
> *************************
> $ sudo su
> Insert authentication card for user `franck'
> Trying authentication as user `franck'...
> [sudo] password for franck:
>
> Franck
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> https://lists.gnupg.org/mailman/listinfo/gnupg-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20251112/3beb73eb/attachment-0001.html>

More information about the Gnupg-users mailing list