However, all I want to do is use my ActivIdentity USB SIM. I don't want to go and create them - that's what my company security team is for, nor do I want to create a full CA and OCSP responder for that CA.
I am an end user.
I have an ActivIdentity USB SIM, it used to work on 32 bit (2 out of 3 uses), no more.
I also had it working in Firefox.
The core of my problem is, the key is found, identified but ends up reporting no slots and thus, no certificate.
On Wed, Feb 9, 2011 at 6:51 AM, Andy Bentley <abentley@xxxxxxxxxx> wrote:
Did you look at this ?
http://militarycac.com/linux.htm
On 02/07/2011 02:33 PM, guy zelck wrote:
--Hi Lyall,
I am using the ActivIdentity ActivKey USB SIM on Gentoo 32 and 64 bit.
I also am having difficulty.
I used to have the key work 2 out of 3 times (every third time, it would
fail) on 32 bit.
I have had the key work a single time on 64 bit.
Now, my 32 bit systems have failed, because of changes to the coolkey
libraries, I suspect.
Since I am underutilised at work, I have been preparing my 32 and 64 bit
systems for a serious debugging attempt (as well as reading up on the smart
card protocols, refreshing debugging, learning the source, etc).
I will post any results, as I proceed (it's been a few years since I have
done any serious debugging and I have to learn the smartcard protocols from
scratch, so don't expect anything too soon).
I wish I was a bit more underutilized ....
Anyway, you're a brave man attempting to dig further into it, I've been
following your posts with interest in order to learn from them.
Sth must have changed indeed since it worked on my old (3 suse releases back)
openSUSE 11.0 system.
I was in the process of upgrading to 11.3 when I stumbled upon the current
problems and it's kept me struggling for a few weeks already.
What I really would appreciate is some response from the Red Hat coolkey staff in
this matter just to acknowledge that there is a problem or that our
configuration is ok or not ok. Sometimes it's due to sth really stupid
syntactically, e.g.
What happens, e.g., up to the point where the PIN is prompted for? Is there need
for a 3rd pgm to come ask for the passwd, like there is with ssh authentication,
and is this missing? Do you see the same on your 32bit system as I see in my
working example?
On my systems where it doesn't work (openSUSE 11.3 and Fedora 14) I see a
frantically flickering LED on the key. What is it communicating when normally it
should come ask for the PIN? On the Fedora14 system I kept the stock packages,
on openSUSE I installed all the latest packages (pcsc-lite, pam_pkcs11, coolkey,
...). On this system the sim LED only gets green when there's need for it, it
turns red again after each transaction. I guess this is new behaviour ... Also,
when using pkcs11_inspect, sometimes it takes a short and sometimes a very long
time before the 'no token available' is returned. Sometimes I have to re-insert
the sim to get things going. On Fedora14 the response is quicker and the LED
stays green all the time.
What I discovered was that the coolkey library name you see with "modutil" has
to be the exact same as the one in the pam_pkcs11.conf file, otherwise you get a
nasty error saying the lib couldn't be loaded. I tried with the short and long
library names and they give the same result as long as in both places you have
the same. I'm past that now and I only get the 'no token available' message.
But what does this mean exactly? He found the usb sim, that's for sure. Does it
mean it can't find anything else (cert, key, ...)?
I know there are some guys within HP that have it working with ubuntu 10.10 but
that's a system I'm not familiar with at all. I could give that a try ...
Gtz,
Guy.
Andy Bentley, CISSP
NetCentric Operations Group
MIT Lincoln Laboratory
244 Wood Street, FA-130k
Lexington, MA 02024
Office: 781.981.1981
Cell: 508.932.9882
abentley@xxxxxxxxxx
_______________________________________________
Coolkey-devel mailing list
Coolkey-devel@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/coolkey-devel
--
...Lyall
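The library-name consistency check mentioned in the thread above (the name shown by "modutil" versus the one in pam_pkcs11.conf), as an added example that is not part of the original messages or of the CoolKey project's code. The two sample texts are constructed, the function names are hypothetical, and the exact-string comparison follows what the thread reports rather than documented pam_pkcs11 behaviour.

```python
import re

# Constructed sample of `modutil -list` output (not taken from the thread).
MODUTIL_SAMPLE = """\
Listing of PKCS #11 Modules
-----------------------------------------------------------
  1. NSS Internal PKCS #11 Module
\tstatus: loaded
  2. CoolKey PKCS #11 Module
\tlibrary name: libcoolkeypk11.so
\t slots: 1 slot attached
\tstatus: loaded
"""

# Constructed pam_pkcs11.conf fragment (not taken from the thread).
PAM_CONF_SAMPLE = """\
pam_pkcs11 {
  use_pkcs11_module = coolkey;
  pkcs11_module coolkey {
    module = /usr/lib64/pkcs11/libcoolkeypk11.so;
    description = "Cool Key";
    slot_num = 0;
  }
}
"""

def modutil_libraries(text):
    """Return every 'library name:' value listed for the NSS database."""
    return [m.strip() for m in re.findall(r"^\s*library name:\s*(.+)$", text, re.M)]

def pam_module(text):
    """Return the 'module = ...;' value of the block chosen by use_pkcs11_module."""
    selected = re.search(r"use_pkcs11_module\s*=\s*([^;\s]+)\s*;", text)
    if not selected:
        return None
    block = re.search(r"pkcs11_module\s+%s\s*\{(.*?)\}" % re.escape(selected.group(1)), text, re.S)
    if not block:
        return None
    path = re.search(r"^\s*module\s*=\s*([^;]+?)\s*;", block.group(1), re.M)
    return path.group(1) if path else None

def check(modutil_text, pam_text):
    """Exact string comparison: a short name against a full path counts as a mismatch."""
    libs, mod = modutil_libraries(modutil_text), pam_module(pam_text)
    return {"pam_module": mod, "nss_libraries": libs, "match": mod in libs}

if __name__ == "__main__":
    print(check(MODUTIL_SAMPLE, PAM_CONF_SAMPLE))
```

With the constructed samples the check reports a mismatch, because one side uses the short library name and the other the full path.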