Attempting to use virtualsmart card with pam_pkcs11

Expected behaviour

Actual behaviour

When attempting to login I see the following error in the debug output:

ERROR:pam_pkcs11.c:365: init_pkcs11_module() failed: C_GetTokenInfo() failed: 0x000000E0

I looked it up and found that error 0xE0 means "CKR_TOKEN_NOT_PRESENT". I first thought that perhaps the virtual card was missing a function that the module expected but then I noticed some conflicting info from pkcs11-tool:

root@ubuntu20-desk:~# pkcs11-tool -I
Cryptoki version 2.20
Manufacturer     OpenSC Project
Library          OpenSC smartcard framework (ver 0.20)
Using slot 0 with a present token (0x0)

root@ubuntu20-desk:~# pkcs11-tool -T
Available slots:
No slots.

The first command recognizes a slot/token as present but the second does not. Then I found that I get the same error from pkcs11_inspect:

DEBUG:pkcs11_inspect.c:82: init_pkcs11_module() failed: C_GetTokenInfo() failed: 0x000000E0

Is this an expected limitation of virtualsmartcard?

Steps to reproduce

I configured an ubuntu 20 VM to login via the pam_pkcs11 module by following the guide here:

https://dev.rutoken.ru/download/attachments/3440696/gooze_-_gnulinux_smartcard_logon_using_pam-pkcs11_-_2011-04-07.pdf?version=1&modificationDate=1438795891045&api=v2

and installed vicc using these instructions:

http://frankmorgner.github.io/vsmartcard/virtualsmartcard/README.html#installation-on-linux-unix-and-similar

I am using python 3.9.5 if that makes a difference.

In separate terminals as root user I ran:

pcscd -f --info

and

python /usr/local/bin/vicc -vvv

then I attempt to login as the normal user in another terminal

Logs

Here is full debug output where I saw the C_GetTokenInfo() error when attempting to login:

https://gist.github.com/sand7000/20988537f286e9565d2701bc132c4ade

and the verbose logging of the above commands:

https://gist.github.com/sand7000/eec4f48dfa03b0179adb334e6e162bf9#file-vicc-log

frankmorgner / vsmartcard