RE: Xscreensaver not locking (UNCLASSIFIED)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Classification: Caveats:     *NOTICE: 
Hi,

I was able to retest on a clean system today. I noticed two things I had
to change and then things started work about 90% right.

1) Since I am not on a network, OCSP has to be off for stuff to work (
aaronl hangs head, and grumbles and RHEL5 guide directions)
2) I needed to do a chmod gu+w on /etc/pki/nssdb and then the
screensaver remove functions started working and GDM behaved a bit
better.

The console stuff still does prompt for pin upon card insertion but if
you type in a username - or any text really - it will pull the CN from
the card and then ask for your pin. 

I would really have to test this in a networked connected way to get any
real good data back to you but it looks good so far. 

Question to the gallery:

I want to start writing a script to help with the user card reg and
account association. What's the correct place for a tool like this? The
ESC, a bash script, an addition to the firstboot tool set?

For a quick starter solution, how can I pull the CN from an inserted
card in using bash, perl, awk etc.

Thanks,

Aaron


> -----Original Message-----
> From: Robert Relyea [mailto:rrelyea@xxxxxxxxxx] 
> Sent: Wednesday, July 11, 2007 8:33 PM
> To: Lippold, Aaron L CIV DISA PEO-GES
> Cc: coolkey-devel@xxxxxxxxxx
> Subject: Re:  Xscreensaver not locking (UNCLASSIFIED)
> 
> Lippold, Aaron L CIV DISA PEO-GES wrote:
> > Classification:  UNCLASSIFIED
> > Caveats: NONE
> >
> > Yup. I set the lock action in the prefs and if I remove the 
> card while 
> > in X the card services client does see the card and will note its 
> > removal. Also, GDM does see the card.
> >
> > When I first startup, GDM will ask for the pin if I insert and hit 
> > enter or type my username.
> >   
> Oh, this is broken. When you insert the card, GDM should 
> automatically prompt for the pin (maybe after a short delay).
> > If I have the card inserted and I logout of X, then upon the GDM 
> > restart it will just ask for my pin. If at this point I remove the 
> > card and put it back, it will just ask for my pin.
> >   
> OK, so obviously you are missing smart card events. I've seen 
> this on a RHEL 5.1 update, where coolkey isn't being added to 
> secmod.db.
> Try doing a modutil --list -dbdir /etc/pki/nssdb and see if 
> coolkey is there. If it's not try adding it with modutil and 
> see if the problems go away.
> 
> If that's the problem then we need to see what may have 
> caused it. Was this system upgraded from RHEL4? What does rpm 
> -q coolkey say?
> 
> bob
> 
> > So, that's why I was asking what conf file or log should I check to 
> > see if the 'on card remove, lock' trigger is working.
> >
> > I am using the RPMs from the RHEL5.0 push. No updates.
> >   
> 
> 
Classification: Caveats: 

_______________________________________________
Coolkey-devel mailing list
Coolkey-devel@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/coolkey-devel

[Index of Archives]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Women]

  Powered by Linux