Rejected unauthorized PC/SC client // PC/SC doesn't let me access my yubikey #624
Comments
|
Little update: I just did a little apt update/upgrade this morning (some linux-headers) and at my surprise it works fine now since then... Didn't change anything more ahah... I close the issue, but don't know exactly yet what was the problem there... |
|
Seems access is controlled via polkit now... https://www.freedesktop.org/software/polkit/docs/latest/polkit.8.html So, I created a group called "ykusers" and assigned appropriate users, then finally created a rule to grant access to users in that group
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
- YubiKey Manager (ykman) version:
YubiKey Manager (ykman) version: 5.5.1
- How was it installed?:
Both on apt (ykman, scdaemon, pcscd, and all packages adviced to), and then when the problem appeared, tried also via pip install (as recommended in the doc). Same problem
- Operating system and version:
Everything was working fine for years. Updated yesterday my server from Ubuntu Server 22.04 LTS to 24.04 LTS, cannot access the Yubikey anymore.
- YubiKey model and version:
Device type: YubiKey 5 Nano
Serial number: myserial
Firmware version: 5.4.3
Form factor: Nano (USB-A)
Enabled USB interfaces: OTP, FIDO, CCID
- Bug description summary:
Since the upgrade, PCSC daemon apparently doesn't authorize me to access the yubikey anymore.
Steps to reproduce
Upgrade to 24.04, applied less changes as possible during the upgrade (N option). Now the same yubikey and server and cannot connect anymore.
Expected result
Connect to my yubikey data throw 24.04 LTS
Actual results and logs
Here is the result of
ykman info:WARNING: PC/SC not available. Smart card (CCID) protocols will not function.
ERROR: Unable to list devices for connection
Device type: YubiKey 5 Nano
Serial number: myserial
Firmware version: 5.4.3
Form factor: Nano (USB-A)
Enabled USB interfaces: OTP, FIDO, CCID
Applications
Yubico OTP Enabled
FIDO U2F Enabled
FIDO2 Enabled
OATH Enabled
PIV Enabled
OpenPGP Enabled
YubiHSM Auth Enabled
Here of
gpg --card-status:ubuntu@serveur:~$ gpg --card-status
gpg: selecting card failed: Aucun périphérique de ce type
gpg: la carte OpenPGP n'est pas disponible : Aucun périphérique de ce type
So apparently the problem comes from PC/SC and permissions. I tried to add rules specifications as in the doc ( exact 2 sames files). Updates rules, still same result.
Here are the logs of PC/SC daemon:
ubuntu@serveur:~$ sudo systemctl status pcscd
● pcscd.service - PC/SC Smart Card Daemon
Loaded: loaded (/usr/lib/systemd/system/pcscd.service; indirect; preset: enabled)
Active: active (running) since Wed 2024-07-24 20:03:40 CEST; 1min 37s ago
TriggeredBy: ● pcscd.socket
Docs: man:pcscd(8)
Main PID: 6595 (pcscd)
Tasks: 8 (limit: 9385)
Memory: 1.7M (peak: 2.6M)
CPU: 85ms
CGroup: /system.slice/pcscd.service
└─6595 /usr/sbin/pcscd --foreground --auto-exit
juil. 24 20:03:41 serveur pcscd[6595]: 00131311 auth.c:143:IsClientAuthorized() Process 6451 (user: 1000) is NOT authorized for action: access_pcsc
juil. 24 20:03:41 serveur pcscd[6595]: 00000121 winscard_svc.c:355:ContextThread() Rejected unauthorized PC/SC client
juil. 24 20:04:39 serveur pcscd[6595]: 58269185 auth.c:143:IsClientAuthorized() Process 7809 (user: 1000) is NOT authorized for action: access_pcsc
juil. 24 20:04:39 serveur pcscd[6595]: 00000140 winscard_svc.c:355:ContextThread() Rejected unauthorized PC/SC client
juil. 24 20:04:39 serveur pcscd[6595]: 00116773 auth.c:143:IsClientAuthorized() Process 7809 (user: 1000) is NOT authorized for action: access_pcsc
juil. 24 20:04:39 serveur pcscd[6595]: 00000178 winscard_svc.c:355:ContextThread() Rejected unauthorized PC/SC client
The text was updated successfully, but these errors were encountered: