Did you look at this ? http://militarycac.com/linux.htm On 02/07/2011 02:33 PM, guy zelck wrote:
Hi Lyall, I am using the ActivIdentity ActivKey USB SIM on Gentoo 32 and 64 bit. I also am having difficulty. I used to have the key work 2 out of 3 times (every third time, it would fail) on 32 bit. I have had the key work a single time on 64 bit. Now, my 32 bit systems have failed, because of changes to the coolkey libraries, I suspect. Since I am underutilised at work, I have been preparing my 32 and 64 bit systems for a serious debugging attempt (as well as reading up on the smart card protocols, refreshing debugging, learning the source, etc). I will post any results, as I proceed (it's been a few years since I have done any serious debugging and I have to learn the smartcard protocols from scratch, so don't expect anything too soon). I wish I was a bit more underutilized .... Anyway, you're a brave man attempting to digg further into it, I've been following your posts with interest in order to learn from them. Sth must have changed indeed since it worked on my old (3 suse releases back) opensuse 11.0 system. I was in the process of upgrading to 11.3 when I stumbled upon the current problems and it's kept me strugling for a few weeks already. What I realy would appreciate is some respons from the redhat coolkey staff in this matter just to acknowledge that there is a problem or that our configuration is ok or not ok. Sometimes it's due to sth realy stupid syntactically e.g.. What happen's e.g. up to the point where the PIN is prompted for? Is there need for a 3rd pgm to come ask for the passwd, like there is with ssh authentication, and is this missing? Do you see the same on your 32bit system as I see in my working example? On my systems where it doesn't work (Opensuse 11.3 and Fedora 14) I see a frantically flickering led on the key. What is it communicating when normaly it should come ask for the PIN? On the Fedora14 system I kept the stock packages, on Opensuse I installed all the latest packages (pcsc-lite, pam_pkcs11, coolkey, ...). On this system the sim led only get's green when there's need for it, it turns red again after each transaction. I guess this is new behaviour ... Also, when using pkcs11_inspect, somethimes it takes a short and sometimes a very long time before the 'no token available' is returned. Sometimes I have to re-insert the sim to get things going. On Fedora14 the respons is quicker and the led stays green al the time. What I discovered was that the coolkey library name you see with "modutil" has to be the exact same as the one in the pam_pkcs11.conf file, otherwise you get a nasty error saying the lib couldn't be loaded. I tried with the short and long library names and they give the same result as long as in both places you have the same. I'm passed that now and I only get the 'no token available' message. But what does this mean exactly? He found the usb sim, that's for sure. Does it mean it can't find anything else (cert, key, ...)? I know there are some guys within HP that have it working with ubuntu 10.10 but that's a system I'm not familiar with at all. I could give that a try ... Gtz, Guy.
-- Andy Bentley, CISSP NetCentric Operations Group MIT Lincoln Laboratory 244 Wood Street, FA-130k Lexington, MA 02024 Office: 781.981.1981 Cell: 508.932.9882 abentley@xxxxxxxxxx
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Coolkey-devel mailing list Coolkey-devel@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/coolkey-devel