When running in rootless mode we don't have permission to create the symlink for our smartcard module and so we get this error. Rather than creating the symlink, we should use the full path in the PAM file like we do with pam_vas.
We have created ER 801976 for this issue.
WORKAROUND
Graphical logins in MacOS don't normally use PAM, so it may not be necessary to configure this module at all.
If it is necessary, the following two lines could be added to the /etc/pam.d/login file before the pam_vas3.so lines:
© 2025 One Identity LLC. ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center