On Tue, 2015-05-19 at 15:59 +0200, David Jaša wrote:
> On Tue, 2015-05-19 at 09:00 -0400, Thomas Foster wrote:
> > David,
> >
> > While using the spice client have you put your cac into your local
> > reader? If so, were you able to use it? I ask because if you look
> > at my screenshots from my last email I get the same usb device
> > (usbccid), but I also get an extra device that is a problem.
> >
> > _______________________________________________
> > Spice-devel mailing list
> > Spice-devel@xxxxxxxxxxxxxxxxxxxxx
> > http://lists.freedesktop.org/mailman/listinfo/spice-devel
>
> Hm, I think I start understanding your situation: you're using linux
> client (CentOS 7?), Windows 7 guest and the smart card doesn't work
> for you. When you write "drivers in spice client" you actually mean
> drivers for client OS. That's card-dependent. You need to have a
> "smart card middleware" installed in the system and registered in nss,
> e.g.:
>
> $ modutil -dbdir /etc/pki/nssdb -list
>
> Listing of PKCS #11 Modules
> -----------------------------------------------------------
>   1. NSS Internal PKCS #11 Module
>          slots: 2 slots attached
>         status: loaded
>
>          slot: NSS Internal Cryptographic Services
>         token: NSS Generic Crypto Services
>
>          slot: NSS User Private Key and Certificate Services
>         token: NSS Certificate DB
>
>   2. CoolKey PKCS #11 Module
>         library name: libcoolkeypk11.so
>          slots: 1 slot attached
>         status: loaded
>
>          slot: Gemalto PC Twin Reader 00 00
>         token: spice qe
>
>   3. p11-kit
>         library name: /usr/lib64/pkcs11/p11-kit-trust.so
>          slots: 2 slots attached
>         status: loaded
>
>          slot: /etc/pki/ca-trust/source
>         token: System Trust
>
>          slot: /usr/share/pki/ca-trust-source
>         token: Default Trust
> -----------------------------------------------------------
>
> Module 2. is the one that provides my smartcard, "slot: Gemalto PC
> Twin Reader 00 00" is my physical card reader, . Coolkey is not
> however officially sanctioned in windows (although unofficial builds
> exist)

So official builds exist as well but you'd need a Red Hat Certificate
System subscription in order to access them:
https://access.redhat.com/documentation/en-US/Red_Hat_Certificate_System/8.1/html/Managing_Smart_Cards_with_the_Enterprise_Security_Client/install-windows.html

David

> so if you intend to use the card in Windows, you'll need a different
> middleware for it and possibly, you'll need to register it to nss by
> hand:
>
> # modutil -dbdir /etc/pki/nssdb -add "some name for your pkcs#11 module" -libfile /usr/lib64/pkcs11/your_fancy_p11_library.so
>
> once done, the "spice client" will pick up the card automatically and
> it will show up in the working card reader in Windows with no further
> configuration.
>
> Alternatively, if your card doesn't have linux drivers (or it needs to
> be formatted by some Windows tool to a format specific for that
> tool...), the option for you is to use USB redirection of the whole
> card reader:
>
> Then the card won't be obviously available in the client OS but that's
> kind of irrelevant if its format needs to be incompatible with the
> client OS anyway.
>
> Please note also that I had to stop and mask pcscd in the client
> system in order to make the reader redirect. Note also that you'll
> need the driver for the physical reader in the guest OS in this
> scenario (the Gemalto driver for my card reader was also available
> through Windows update). The card was not recognized in my case
> because it's CoolKey/RHCS-formatted which would need the driver
> linked above in Windows:
>
>
> HTH,
>
> David
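
Added example, not part of the original thread: a shell check for the registration step discussed in the message, confirming that a PKCS #11 module is loaded in the NSS database and reports a token after `modutil -add`. The function names, the `name|library|status|tokens` summary format and the abridged sample listing are assumptions of this sketch.

```shell
# Added example (not from the thread). Function names and the summary
# format "name|library|status|tokens" are assumptions of this sketch.

# Read `modutil -dbdir <db> -list` output on stdin, print one line per module.
summarise_modules() {
    awk '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        function value(s) { sub(/^[^:]*:/, "", s); return trim(s) }
        function emit() { if (name != "") print name "|" lib "|" status "|" tokens }
        /^[ \t]*[0-9]+\.[ \t]/ {        # module header, e.g. "2. CoolKey ..."
            emit()
            name = $0; sub(/^[ \t]*[0-9]+\./, "", name); name = trim(name)
            lib = "(internal)"; status = "unknown"; tokens = ""
            next
        }
        /^[ \t]*library name:/ { lib = value($0) }
        /^[ \t]*status:/       { status = value($0) }
        /^[ \t]*token:/ { t = value($0); if (t != "") tokens = (tokens == "" ? t : tokens ";" t) }
        END { emit() }
    '
}

# Succeed only if module "$1" is loaded and reports at least one named token.
module_sees_card() {
    summarise_modules | awk -F"|" -v want="$1" '
        $1 == want && $3 == "loaded" && $4 != "" { found = 1 }
        END { exit (found ? 0 : 1) }'
}

# Sample input: abridged from the listing quoted above; indentation is constructed.
sample_listing() {
    cat <<'EOF'
Listing of PKCS #11 Modules
  1. NSS Internal PKCS #11 Module
     slots: 2 slots attached
    status: loaded
     slot: NSS Internal Cryptographic Services
    token: NSS Generic Crypto Services
  2. CoolKey PKCS #11 Module
    library name: libcoolkeypk11.so
     slots: 1 slot attached
    status: loaded
     slot: Gemalto PC Twin Reader 00 00
    token: spice qe
EOF
}

# Real use: modutil -dbdir /etc/pki/nssdb -list | module_sees_card "CoolKey PKCS #11 Module"
sample_listing | summarise_modules
```

A module that is listed as loaded but shows no token name means NSS can load the middleware but does not see a card through it, which separates a registration problem from a reader or card problem.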