Can anyone help with getting the new DoD CACs (Smart Card) to work in CentOS 6.6? I don't use it for console logins, only for email and .mil web sites. I recently had to get a new DoD CAC (Smart Card) when one of the buildings I work in upgraded their security system. My old CAC was working fine prior to this for signing and encrypting email and for authenticating to various DoD (.mil) sites from the Internet using the coolkey libraries. After getting my new CAC I am no longer able to authenticate to any DoD sites. I can still sign and encrypt email in Thunderbird via the coolkey libraries but .mil sites either simply display blank pages or raise various errors in firefox. I am prompted for my PIN, which is successfully accepted but I'm not even prompted for which cert to use, like I used to be. I've tried installing and loading the latest "cackey" libraries (see below) but when I insert my CAC and attempt to login to the module in the Mozilla device manager it completely freezes firefox. Recovery requires killing firefox. If I remove the latest and install the next previous cackey library it works the same as coolkey - doesn't freeze up firefox but never connects to .mil sites. I tried building the cackey RPMs from the source RPMs too but the result is the same. Latest 64-bit cackey: cackey-0.6.8-3522.x86_64.rpm Next previous cackey: cackey-0.6.5-2444.x86_64.rpm I'm pretty sure it has something to do with the newer PIV CAC internal layout. I went through a similar transition when the GEMAL 144 cards came out but the cackey libraries did at least work and coolkey eventually caught up. One thing is for sure... the cackey RPM from forge.mil is not a drop-in replacement for coolkey. The cackey RPM only installs the libraries themselves, nothing else. It doesn't even register them in the nss db I had to do that manually with modutil. I must be missing something... Without direct access to forge.mil it's difficult to troubleshoot cackey. For some silly reason they still require CAC authentication to get the CAC software and drivers and access the forums, etc. More relevant information below... I'd be grateful for any ideas or advice on this. I desperately need to retrieve vulnerability reports, patches, and other DoD resources. Thanks! Cal Webster Smart Card Reader: SCM Microsystems Inc. SCR3310 USB Smart Card Reader (21120628202509) 00 00-0 Old CAC: GEMAL TO TOPDL GX4 144 New CAC: G&D FIPS 201 SCE 3.2 [root@inet3 ~]# cat /etc/redhat-release CentOS release 6.6 (Final) [root@inet3 ~]# uname -a Linux inet3 2.6.32-504.1.3.el6.x86_64 #1 SMP Tue Nov 11 17:57:25 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux [root@inet3 ~]# Installed Packages coolkey.i686 1.1.0-32.el6 @base coolkey.x86_64 1.1.0-32.el6 @base firefox.i686 31.2.0-3.el6.centos @updates firefox.x86_64 31.2.0-3.el6.centos @updates thunderbird.x86_64 31.2.0-3.el6.centos @updates pcsc-lite.x86_64 1.5.2-14.el6 @base pcsc-lite-devel.x86_64 1.5.2-14.el6 @base pcsc-lite-libs.x86_64 1.5.2-14.el6 @base nss.i686 3.16.1-14.el6 @base nss.x86_64 3.16.1-14.el6 @base nss-devel.x86_64 3.16.1-14.el6 @base nss-softokn.i686 3.14.3-18.el6_6 @updates nss-softokn.x86_64 3.14.3-18.el6_6 @updates nss-softokn-devel.x86_64 3.14.3-18.el6_6 @updates nss-softokn-freebl.i686 3.14.3-18.el6_6 @updates nss-softokn-freebl.x86_64 3.14.3-18.el6_6 @updates nss-softokn-freebl-devel.x86_64 3.14.3-18.el6_6 @updates nss-sysinit.x86_64 3.16.1-14.el6 @base nss-tools.x86_64 3.16.1-14.el6 @base nss-util.i686 3.16.1-3.el6 @base nss-util.x86_64 3.16.1-3.el6 @base nss-util-devel.x86_64 3.16.1-3.el6 @base [root@inet3 ~]# modutil -list -dbdir /etc/pki/nssdb Listing of PKCS #11 Modules ----------------------------------------------------------- 1. NSS Internal PKCS #11 Module slots: 2 slots attached status: loaded slot: NSS Internal Cryptographic Services token: NSS Generic Crypto Services slot: NSS User Private Key and Certificate Services token: NSS Certificate DB 2. CoolKey PKCS #11 Module library name: libcoolkeypk11.so slots: 1 slot attached status: loaded slot: SCM Microsystems Inc. SCR3310 USB Smart Card Reader (21120628202 token: WEBSTER.CALVIN.DALE.9427154028 3. cackey library name: libcackey.so slots: 2 slots attached status: loaded slot: CACKey Slot token: WEBSTER.CALVIN.DALE.9427154028 slot: CACKey Slot token: DoD Certificates ----------------------------------------------------------- [root@inet3 ~]# _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos