Re: Coolkey use problems on Fedora 14 (no token available), please help.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


Did you look at this ?

On 02/07/2011 02:33 PM, guy zelck wrote:
Hi Lyall,

     I am using the ActivIdentity ActivKey USB SIM on Gentoo 32 and 64 bit.
     I also am having difficulty.
     I used to have the key work 2 out of 3 times (every third time, it would
     fail) on 32 bit.
     I have had the key work a single time on 64 bit.
     Now, my 32 bit systems have failed, because of changes to the coolkey
     libraries, I suspect.

     Since I am underutilised at work, I have been preparing my 32 and 64 bit
     systems for a serious debugging attempt (as well as reading up on the smart
     card protocols, refreshing debugging, learning the source, etc).
     I will post any results, as I proceed (it's been a few years since I have
     done any serious debugging and I have to learn the smartcard protocols from
     scratch, so don't expect anything too soon).

I wish I was a bit more underutilized ....
Anyway, you're a brave man attempting to digg further into it, I've been
following your posts with interest in order to learn from them.
Sth must have changed indeed since it worked on my old (3 suse releases back)
opensuse 11.0 system.
I was in the process of upgrading to 11.3 when I stumbled upon the current
problems and it's kept me strugling for a few weeks already.
What I realy would appreciate is some respons from the redhat coolkey staff in
this matter just to acknowledge that there is a problem or that our
configuration is ok or not ok. Sometimes it's due to sth realy stupid
syntactically e.g..

What happen's e.g. up to the point where the PIN is prompted for? Is there need
for a 3rd pgm to come ask for the passwd, like there is with ssh authentication,
and is this missing? Do you see the same on your 32bit system as I see in my
working example?

On my systems where it doesn't work (Opensuse 11.3 and Fedora 14) I see a
frantically flickering led on the key. What is it communicating when normaly it
should come ask for the PIN? On the Fedora14 system I kept the stock packages,
on Opensuse I installed all the latest packages (pcsc-lite, pam_pkcs11, coolkey,
...). On this system the sim led only get's green when there's need for it, it
turns red again after each transaction. I guess this is new behaviour ... Also,
when using pkcs11_inspect, somethimes it takes a short and sometimes a very long
time before the 'no token available' is returned. Sometimes I have to re-insert
the sim to get things going. On Fedora14 the respons is quicker and the led
stays green al the time.

What I discovered was that the coolkey library name you see with "modutil" has
to be the exact same as the one in the pam_pkcs11.conf file, otherwise you get a
nasty error saying the lib couldn't be loaded. I tried with the short and long
library names and they give the same result as long as in both places you have
the same. I'm passed that now and I only get the 'no token available' message.
But what does this mean exactly? He found the usb sim, that's for sure. Does it
mean it can't find anything else (cert, key, ...)?

I know there are some guys within HP that have it working with ubuntu 10.10 but
that's a system I'm not familiar with at all. I could give that a try ...


Andy Bentley, CISSP
NetCentric Operations Group
MIT Lincoln Laboratory
244 Wood Street, FA-130k
Lexington, MA 02024
Office: 781.981.1981
Cell: 508.932.9882

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

Coolkey-devel mailing list

[Index of Archives]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Women]

  Powered by Linux