How to enable Login auto-detect for PAM-PKCS11

From pam-pkcs11’s doc, I found that:
Starting at pam_pkcs11-0.4.2 a new feature is provided: pam-pkcs11 can deduce the username from the user certificate without using the login prompt.

And after I added “auth sufficient” in /etc/pam.d/gdm of redhat 7.5, I can use the feature about login auto-detect:
If a card is not present, “gdm” will prompt again for a user login
If a card is present, pam-pkcs11 will ask for the PIN, and then invoke finder in module mapper list. When a user is found, this user become the logged user

And since the default pam-pkcs11 for SLED 12 sp3 is pam_pkcs11 0.6.8-5.81. I think this feature is suppored in SLED 12 sp3 too. But even if I added “auth sufficient”, I can’t find this feature is enabled. Then how to enable Login auto-detect for PAM-PKCS11 in SLED 12 SP3? Thanks a lot.


It appears that in the past few days you have not received a response to your
posting. That concerns us, and has triggered this automated reply.

These forums are peer-to-peer, best effort, volunteer run and that if your issue
is urgent or not getting a response, you might try one of the following options:

Be sure to read the forum FAQ about what to expect in the way of responses:

If this is a reply to a duplicate posting or otherwise posted in error, please
ignore and accept our apologies and rest assured we will issue a stern reprimand
to our posting bot…

Good luck!

Your SUSE Forums Team