Classification: Caveats: *NOTICE: Hi, I was able to retest on a clean system today. I noticed two things I had to change and then things started work about 90% right. 1) Since I am not on a network, OCSP has to be off for stuff to work ( aaronl hangs head, and grumbles and RHEL5 guide directions) 2) I needed to do a chmod gu+w on /etc/pki/nssdb and then the screensaver remove functions started working and GDM behaved a bit better. The console stuff still does prompt for pin upon card insertion but if you type in a username - or any text really - it will pull the CN from the card and then ask for your pin. I would really have to test this in a networked connected way to get any real good data back to you but it looks good so far. Question to the gallery: I want to start writing a script to help with the user card reg and account association. What's the correct place for a tool like this? The ESC, a bash script, an addition to the firstboot tool set? For a quick starter solution, how can I pull the CN from an inserted card in using bash, perl, awk etc. Thanks, Aaron > -----Original Message----- > From: Robert Relyea [mailto:rrelyea@xxxxxxxxxx] > Sent: Wednesday, July 11, 2007 8:33 PM > To: Lippold, Aaron L CIV DISA PEO-GES > Cc: coolkey-devel@xxxxxxxxxx > Subject: Re: Xscreensaver not locking (UNCLASSIFIED) > > Lippold, Aaron L CIV DISA PEO-GES wrote: > > Classification: UNCLASSIFIED > > Caveats: NONE > > > > Yup. I set the lock action in the prefs and if I remove the > card while > > in X the card services client does see the card and will note its > > removal. Also, GDM does see the card. > > > > When I first startup, GDM will ask for the pin if I insert and hit > > enter or type my username. > > > Oh, this is broken. When you insert the card, GDM should > automatically prompt for the pin (maybe after a short delay). > > If I have the card inserted and I logout of X, then upon the GDM > > restart it will just ask for my pin. If at this point I remove the > > card and put it back, it will just ask for my pin. > > > OK, so obviously you are missing smart card events. I've seen > this on a RHEL 5.1 update, where coolkey isn't being added to > secmod.db. > Try doing a modutil --list -dbdir /etc/pki/nssdb and see if > coolkey is there. If it's not try adding it with modutil and > see if the problems go away. > > If that's the problem then we need to see what may have > caused it. Was this system upgraded from RHEL4? What does rpm > -q coolkey say? > > bob > > > So, that's why I was asking what conf file or log should I check to > > see if the 'on card remove, lock' trigger is working. > > > > I am using the RPMs from the RHEL5.0 push. No updates. > > > > Classification: Caveats: _______________________________________________ Coolkey-devel mailing list Coolkey-devel@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/coolkey-devel