Chat now with support
Chat with Support

Safeguard Authentication Services 4.2 - Authentication Services for Smart Cards Administration Guide

One Identity Privileged Access Suite for Unix Introducing Authentication Services for Smart Cards Installing Authentication Services for Smart Cards Configuring Authentication Services for Smart Cards
Configuring the vendor’s PKCS#11 library Configuring the card slot for your PKCS#11 library Configuring PAM applications for smart card login Configuring certificates and CRLs Locking the screen saver upon card removal (macOS)
Testing Authentication Services for Smart Cards Troubleshooting

Enable debugging for the Authentication Services daemon

To enable additional debugging for the Authentication Services daemon

  1. Run the debug-level option in vas.conf, as follows:
    [vasd]
    debug-level=4

See Enabling diagnostic logging in the Authentication Services Administration Guide for more information on debugging vasd.

Enable debugging for the PKCS#11 library

If a failure occurs when testing your cards, it is valuable to have as much debug information as possible. Some PKCS #11 libraries may provide a way to collect additional debugging information. For example, the following procedure explains how to enable debugging for the PKCS#11 library using OpenSC. For more information on OpenSC, see OpenSC Manual Pages: Section 5.

To enable debugging for the PKCS#11 library

  1. Navigate to /usr/etc/opensc.conf.
  2. Edit the opencs.conf, adding the following configuration options to the opensc-pkcs11 application block:

    • debug = <num>;

      where <num> indicates the amount of debug information to be included. A greater value means more debugging information is included. Default: 0.

      The OPENSC_DEBUG environment variable overwrites this setting.

    • debug_file = <filenname>;

      where <filename> is the name of the file to which the debug information will be written. Default: stderr.

      Special values, stdout and stderr are recognized.

Troubleshooting vastool errors

The following sections describe symptoms and possible causes that you might encounter when using the vastool smartcard commands.

For information on other vastool commands, see the Authentication Services Administration Guide, which can be found on the Authentication Services - Technical Documentation page on the One Identity support site.

Related Topics

vastool ERROR: no PKCS#11 library specified in vas.conf

vastool ERROR: Could not get symbol 'C_GetFunctionList'

vastool ERROR: invalid ELF header

vastool ERROR: cannot open shared object file

vastool ERROR: smart card is not present in slot

vastool WARNING: "Smart card user X is not unix enabled" issue

vastool ERROR: no PKCS#11 library specified in vas.conf

You encounter this error when you have not configured a PKCS#11 library.

To configure the PKCS#11 library

  1. Run the vastool smartcard configure pkcs11 lib command.
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating