Enabling debugging for smart card login with PAM
The pam_vas_smartcard module supports an additional debug option that enables syslog to capture debugging information. This option is the same as the debug option supported by the pam_vas3 module. For more information on how to configure syslog for this option, see Enabling diagnostic logging in the Safeguard Authentication Services Administration Guide.
Enabling debugging for the Safeguard Authentication Services daemon
To enable additional debugging for the Safeguard Authentication Services daemon, run the debug-level option in vas.conf, as follows:
[vasd]
debug-level=4
For more information on debugging vasd, see Enabling diagnostic logging in the Safeguard Authentication Services Administration Guide.
Enabling debugging for the PKCS#11 library
If a failure occurs when testing your cards, it is valuable to have as much debug information as possible. Some PKCS #11 libraries may provide a way to collect additional debugging information. For example, the following procedure explains how to enable debugging for the PKCS#11 library using OpenSC. For more information on OpenSC, see OpenSC Manual Pages: Section 5.
To enable debugging for the PKCS#11 library
-
Navigate to /usr/etc/opensc.conf.
-
Edit the opencs.conf, adding the following configuration options to the opensc-pkcs11 application block:
-
debug = <num>;
where <num> indicates the amount of debug information to be included. A greater value means more debugging information is included. Default: 0.
The OPENSC_DEBUG environment variable overwrites this setting.
-
debug_file = <filenname>;
where <filename> is the name of the file to which the debug information will be written. Default: stderr.
Special values, stdout and stderr are recognized.
Troubleshooting vastool errors