-
Notifications
You must be signed in to change notification settings - Fork 2
FAQ
No, as long as your system and GNOME recognize that there is a smartcard installed, the extension will follow it's inserted status and request GNOME to lock on any smartcard that is removed.
The extension has actually been tested with a login that doesn't even have any smartcard configuration at all, if it's there, when it isn't there any longer... the screen is locked.
I personally use pam_yubico in challenge-response mode as described in https://fedoramagazine.org/how-to-use-a-yubikey-with-fedora-linux/
Use d-spy or d-feet, connect to the Session bus and look for org.gnome.SettingsDaemon.Smartcard
. Expand /org/gnome/SettingsDaemon/Smartcard/Manager
and execute method GetInsertedTokens, see if it get's you a list of inserted tokens:
Good Status With d-spy:
Good Status With d-feet:
Bad Status If you get something like the result below, an empty object list, then there's some problem because neither D-Bus not GNOME can detect any token:
It is possible that your setup is not recognizing the token as being inserted. See the FAQ above to learn how to check.
I had a computer where repeated executions with d-spy or d-feet randomly gave me an empty list or a list with tokens resulting in that nothing seemed to happen unless you had the luck of catching a good status.
Since I use GNU Privacy Guard integrated as both SSH Agent and PGP with my card, I needed to add pcsc-shared
as the example below:
[user@localhost ~]$ cat .gnupg/scdaemon.conf
pcsc-shared
disable-ccid
[user@localhost ~]$
I suspect that the concurrency between gpg and pcsc where the root of the issue, telling gpg to behave because the device is shared with pcsc solved the issue, and maybe that's your case as well.