FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > CentOS > CentOS

 
 
LinkBack Thread Tools
 
Old 11-22-2010, 06:21 PM
 
Default pcscd

Anyone working with/using it? One thing that's driving me nuts is that it
keeps spitting garbage into the logs (card absent or mute!!!). I just
tried editing /etc/init.d/pcscd - there's *no* way to pass parms from the
config file - and set the logging level to --error, and it's still doing
it.

Clues for the poor, to shut it up?

mark

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 11-22-2010, 06:21 PM
 
Default pcscd

Anyone working with/using it? One thing that's driving me nuts is that it
keeps spitting garbage into the logs (card absent or mute!!!). I just
tried editing /etc/init.d/pcscd - there's *no* way to pass parms from the
config file - and set the logging level to --error, and it's still doing
it.

Clues for the poor, to shut it up?

mark

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
 
Old 11-29-2010, 08:55 PM
Todd Denniston
 
Default pcscd

m.roth@5-cent.us wrote, On 11/22/2010 02:21 PM:
> Anyone working with/using it? One thing that's driving me nuts is that it
> keeps spitting garbage into the logs (card absent or mute!!!). I just
> tried editing /etc/init.d/pcscd - there's *no* way to pass parms from the
> config file - and set the logging level to --error, and it's still doing
> it.
>
> Clues for the poor, to shut it up?
>
> mark
>

Did you try --critical ??

Did someone make the mistake of having both pcsc and openct loaded on the same machine?

Did someone load ctapi-cyberjack with out having one of those readers? [I have had this ifd-handler
cause a LOT of trouble that seemed similar to yours, before I learned not to install it.]

BTW if the card reader thinks there is a card, but pcscd can't establish communication with the card
then that is an error or critical. IIRC you only get the messages like you showed when pcscd thinks
there should be a card physically present.

Does anyone use a smart card with the machine?
* If no, then either
`chkconfig pcscd off`
or
`yum remove pcsc-lite`

* If yes, ask your question over on the muscle list, which is where the fellow who maintains pcsc
hangs out and he may have some incantation for you.
http://lists.drizzle.com/mailman/listinfo/muscle



Hope this helps.
--
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 11-29-2010, 09:20 PM
 
Default pcscd

Todd Denniston wrote:
> m.roth@5-cent.us wrote, On 11/22/2010 02:21 PM:
>> Anyone working with/using it? One thing that's driving me nuts is that
>> it keeps spitting garbage into the logs (card absent or mute!!!). I just
>> tried editing /etc/init.d/pcscd - there's *no* way to pass parms from
>> the config file - and set the logging level to --error, and it's still
doing
>> it.
>>
>> Clues for the poor, to shut it up?
>
> Did you try --critical ??

No, I haven't. I was hoping for something useful in the logs that might
help me on other things.
>
> Did someone make the mistake of having both pcsc and openct loaded on the
> same machine?

Um, say *wha*? My manager told me to load both. I've got pcsc-lite,
pcsc-lite-libs, and openct. I can read the card, but when I stick it into
a reader, it brings up two windows, one after the other: the first wants
the phone home URL, and I tell it close, and then the one to "manage smart
cards". It should not phone home.
>
> Did someone load ctapi-cyberjack with out having one of those readers? [I

Nope.
<snip>
>
> BTW if the card reader thinks there is a card, but pcscd can't establish
> communication with the card then that is an error or critical. IIRC you
only
> get the messages like you showed when pcscd thinks there should be a
card physically
> present.

Hmmm... it does show problems: card not transacted: 612.
>
> Does anyone use a smart card with the machine?
<snip>
> * If yes, ask your question over on the muscle list, which is where the
> fellow who maintains pcsc
> hangs out and he may have some incantation for you.
> http://lists.drizzle.com/mailman/listinfo/muscle
>
Thanks. My manager did get it working on his machine (FC, now 14). I may
have to rebuild sshd with smartcard support, *if* I can find the source.
>
> Hope this helps.

It leads to questions I didn't know to ask. Thanks!

mark

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 11-30-2010, 12:17 AM
Todd Denniston
 
Default pcscd

m.roth@5-cent.us wrote, On 11/29/2010 05:20 PM:
> Todd Denniston wrote:
>> m.roth@5-cent.us wrote, On 11/22/2010 02:21 PM:
>>> Anyone working with/using it? One thing that's driving me nuts is that
>>> it keeps spitting garbage into the logs (card absent or mute!!!). I just
>>> tried editing /etc/init.d/pcscd - there's *no* way to pass parms from
>>> the config file - and set the logging level to --error, and it's still
> doing
>>> it.
>>>
>>> Clues for the poor, to shut it up?


>> Did someone make the mistake of having both pcsc and openct loaded on the
>> same machine?
>
> Um, say *wha*? My manager told me to load both. I've got pcsc-lite,
> pcsc-lite-libs, and openct.

Known issue, they both (pcscd and openct) need exclusive access to the card reader.
load one or the other. [Yes, I have been there, and got the T-shirt.]

BTW (IIRC you were working for a leg of the government in your spare time) if you are working with a
CAC, then pcscd and coolkey* are enough.
*note if you are working with the latest transitional CAC/PIV you'll need a more current coolkey
such as coolkey-1.1.0-16.el6.src.rpm from RH.
https://bugzilla.redhat.com/show_bug.cgi?id=622916
https://bugzilla.redhat.com/show_bug.cgi?id=534172#c67

It was rumored (by some one I would trust to know) at one time (on the muscle list) that openct and
a different pkcs11 lib would be needed for the full on PIV, I don't know if this update to coolkey
makes that disappear.

> I can read the card, but when I stick it into
> a reader, it brings up two windows, one after the other: the first wants
> the phone home URL, and I tell it close, and then the one to "manage smart
> cards". It should not phone home.

[I won't be here to answer for a while, but the answer to this question will help anyone trying to
answer yours.]
Which product is bringing up the windows? ESC (Enterprise Security Client Smart Card Client)?
This may be an effect of the offending product not being able to read the card because the daemon it
is asking can't gain exclusive access to the card reader, and thus it can not identify a card that
already has an applet on it.


> <snip>
>> * If yes, ask your question over on the muscle list, which is where the
>> fellow who maintains pcsc
>> hangs out and he may have some incantation for you.
>> http://lists.drizzle.com/mailman/listinfo/muscle
>>
> Thanks. My manager did get it working on his machine (FC, now 14). I may
> have to rebuild sshd with smartcard support, *if* I can find the source.
>> Hope this helps.

the sshd that ships with CentOS does work with smart cards.
Things have changed a little since
https://bugzilla.redhat.com/show_bug.cgi?id=186469#c8
https://bugzilla.redhat.com/show_bug.cgi?id=186469#c15

Unfortunately the best README.nss I can get you is in
http://www.redhat.com/archives/fedora-extras-commits/2007-September/msg01179.html

now days you should (after getting the daemons and pkcs11 sorted out, `pkcs11_inspect --debug` [with
no one looking over your shoulder] will become a friend) be able to to do the following (at least
with a cac):
get nssdb filled with the CAs in ~/.ssh/
ssh-add -n #give pin
ssh-add -L > authorized_keys
ssh othermachinereadingaboveAKfile


>
> It leads to questions I didn't know to ask. Thanks!
>
> mark



--
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 12-09-2010, 01:57 PM
jarmo
 
Default Pcscd

What could cause this?

Dec 9 03:24:02 oh1mrr pcscd: winscard.c:285:SCardConnect()
Reader E-Gate 0 0 Not Found
Dec 9 03:24:02 oh1mrr pcscd: winscard_svc.c:447:ContextThread()
CONNECT rv=0x80100009 for client 2

I don't have service pcscd running. Mystery...

Jarmo
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
 

Thread Tools




All times are GMT. The time now is 09:48 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org