[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Google
  Web www.spinics.net

Re: Coolkey use problems on Fedora 14 (no token available)



Bob,

Op 09-02-11 22:33, Robert Relyea schreef:
On 02/09/2011 12:33 PM, Guy wrote:
Hi,

I'm the one who started this thread but it got slightly derailed and
biased towards gentoo.
My systems are Opensuse 11.3 and Fedora14 and the problem I have is
that I do not get prompted for the PIN when issueing either
pkcs11_inspect or pkcs11_listcerts. I've never seen it work on either
of these systems. Pcsc_scan works though, it never complains.
This seems to indicate a problem with the pkcs11 module (probably
coolkey). Is the card you are using an actual CAC card, or one of
ActiveCard's 'CAC-Like' (where they use the CAC applet, but issued
through some other agency than DISA).

It's not a card as such, it's a usb sim (appearance is that of a usb memory stick) so I guess it's CAC-Like.
A lot of information can be found withing this thread where Lyall and myself supply output of various commands.
I'm not qualified enough to give you the answer right away I' afraid.


My Opensuse 11.3 bears all the latest pcsc-lite, opensc, coolkey, etc
packages. The Fedora14 system is stock + all automatic updates.
I run these 2 systems on a Dell Lattitude D830 over the usb port
(opensuse on a usb disk, fedora on a usb memory stick).
I plugged the Fedorea usb stick into my home tower pc, with an Asus
mobo, but the results are the same, so it's not Dell specific.

My home tower pc runs Opensuse 11.0 natively and there it just works
fine, I'm asked for the PIN and when supplied I get the certificates
listed.
The coolkey package, version 1.1.0-79.1, dates from June 2008.
Thanks, this is helpful. How many certs does your card have?

There's only one cert on it (this is an excerpt from my old working Opensuse 11.0 distro) :

DEBUG:pkcs11_lib.c:47: PIN = [xxxxxxxx]
DEBUG:pkcs11_lib.c:528: cert 0: found (Guy Zelck:CAC ID Certificate), "E=guy.zelck@xxxxxx,CN=Guy Zelck,OU=VPN-WEB-H,OU=Employment Status - Employees,O=Hewlett-Packard Company"
DEBUG:pkcs11_listcerts.c:112: Found '1' certificate(s)
DEBUG:pkcs11_listcerts.c:117: Certificate #1:
DEBUG:pkcs11_listcerts.c:119: - Subject: E=guy.zelck@xxxxxx,CN=Guy Zelck,OU=VPN-WEB-H,OU=Employment Status - Employees,O=Hewlett-Packard Company DEBUG:pkcs11_listcerts.c:121: - Issuer: CN=Hewlett-Packard Primary Class 2 Certification Authority,O=Hewlett-Packard Company,C=US,OU=IT Infrastructure,O=hp.com
DEBUG:pkcs11_listcerts.c:123: - Algorithm: PKCS #1 RSA Encryption
DEBUG:cert_vfy.c:32: Verifying Cert: Guy Zelck:CAC ID Certificate (E=guy.zelck@xxxxxx,CN=Guy Zelck,OU=VPN-WEB-H,OU=Employment Status - Employees,O=Hewlett-Packard Company)
DEBUG:pkcs11_listcerts.c:147: releasing pkcs #11 module...
DEBUG:pkcs11_listcerts.c:150: Process completed


Gtz,
Guy.

_______________________________________________
Coolkey-devel mailing list
Coolkey-devel@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/coolkey-devel


[Home]     [Fedora Legacy List]     [Fedora Maintainers]     [Fedora Desktop]     [Red Hat 9 Bible]     [Fedora Bible]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]

Powered by Linux

Google
  Web www.spinics.net