Re: Coolkey use problems on Fedora 14 (no token available)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


On 02/10/2011 10:39 PM, Guy wrote:
> Bob,
> Op 09-02-11 22:33, Robert Relyea schreef:
>> On 02/09/2011 12:33 PM, Guy wrote:
>>> Hi,
>>> I'm the one who started this thread but it got slightly derailed and
>>> biased towards gentoo.
>>> My systems are Opensuse 11.3 and Fedora14 and the problem I have is
>>> that I do not get prompted for the PIN when issueing either
>>> pkcs11_inspect or pkcs11_listcerts. I've never seen it work on either
>>> of these systems. Pcsc_scan works though, it never complains.
>> This seems to indicate a problem with the pkcs11 module (probably
>> coolkey). Is the card you are using an actual CAC card, or one of
>> ActiveCard's 'CAC-Like' (where they use the CAC applet, but issued
>> through some other agency than DISA).
> It's not a card as such, it's a usb sim (appearance is that of a usb
> memory stick) so I guess it's CAC-Like.
> A lot of information can be found withing this thread where Lyall and
> myself supply output of various commands.
> I'm not qualified enough to give you the answer right away I' afraid.
>>> My Opensuse 11.3 bears all the latest pcsc-lite, opensc, coolkey, etc
>>> packages. The Fedora14 system is stock + all automatic updates.
>>> I run these 2 systems on a Dell Lattitude D830 over the usb port
>>> (opensuse on a usb disk, fedora on a usb memory stick).
>>> I plugged the Fedorea usb stick into my home tower pc, with an Asus
>>> mobo, but the results are the same, so it's not Dell specific.
>>> My home tower pc runs Opensuse 11.0 natively and there it just works
>>> fine, I'm asked for the PIN and when supplied I get the certificates
>>> listed.
>>> The coolkey package, version 1.1.0-79.1, dates from June 2008.
>> Thanks, this is helpful. How many certs does your card have?
> There's only one cert on it (this is an excerpt from my old working
> Opensuse 11.0 distro) :
> DEBUG:pkcs11_lib.c:47: PIN = [xxxxxxxx]
> DEBUG:pkcs11_lib.c:528: cert 0: found (Guy Zelck:CAC ID Certificate),
> "E=guy.zelck@xxxxxx,CN=Guy Zelck,OU=VPN-WEB-H,OU=Employment Status -
> Employees,O=Hewlett-Packard Company"
> DEBUG:pkcs11_listcerts.c:112: Found '1' certificate(s)
> DEBUG:pkcs11_listcerts.c:117: Certificate #1:
> DEBUG:pkcs11_listcerts.c:119: - Subject:   E=guy.zelck@xxxxxx,CN=Guy
> Zelck,OU=VPN-WEB-H,OU=Employment Status - Employees,O=Hewlett-Packard
> Company
> DEBUG:pkcs11_listcerts.c:121: - Issuer:    CN=Hewlett-Packard Primary
> Class 2 Certification Authority,O=Hewlett-Packard Company,C=US,OU=IT
> Infrastructure,
> DEBUG:pkcs11_listcerts.c:123: - Algorithm: PKCS #1 RSA Encryption
> DEBUG:cert_vfy.c:32: Verifying Cert: Guy Zelck:CAC ID Certificate
> (E=guy.zelck@xxxxxx,CN=Guy Zelck,OU=VPN-WEB-H,OU=Employment Status -
> Employees,O=Hewlett-Packard Company)
> DEBUG:pkcs11_listcerts.c:147: releasing pkcs #11 module...
> DEBUG:pkcs11_listcerts.c:150: Process completed

OK, my guess is you are running into a bug in coolkey that expects 3
certs, not one. It was fixed at one point in time, but appears to have
regressed. It would be good to add that info to the bug.

> Gtz,
> Guy.

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

Coolkey-devel mailing list

[Index of Archives]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Women]

  Powered by Linux