Re: [gdm-list] Cannot get /usr/local/lib/opensc-pkcs11.so to work with gdm-smartcard-worker.
- From: Ray Strode <halfline gmail com>
- To: Patrik Martinsson <Patrik Martinsson smhi se>
- Cc: gdm-list gnome org
- Subject: Re: [gdm-list] Cannot get /usr/local/lib/opensc-pkcs11.so to work with gdm-smartcard-worker.
- Date: Tue, 24 Aug 2010 13:13:11 -0400
Hi,
On Tue, Aug 24, 2010 at 11:22 AM, Patrik Martinsson
<Patrik Martinsson smhi se> wrote:
> And without having done anything with the gdm-smartcard-worker code, this is
> my output.
>
> *** DEBUG: watching for smartcard insertion and removal events
> *** DEBUG: initializing smartcard manager
> *** DEBUG: attempting to load NSS database '/etc/pki/nssdb'
> *** DEBUG: NSS database sucessfully loaded
> *** DEBUG: attempting to load driver...
> *** DEBUG: loading smartcard driver using spec
> 'library="/usr/lib64/pkcs11/libcoolkeypk11.so"'
So what's going on here is it can't find any available drivers in
secmod so it's falling back to coolkey.
There was a bug in this code that was fixed after gdm-2.30.4-10.el6
which is probably what you're hitting:
* Fri Jul 16 2010 Ray Strode <rstrode redhat com> 2.30.4-10
- More smart card fixes
Related: #614672
* Fri Jul 16 2010 Ray Strode <rstrode redhat com> 2.30.4-9
- Fix driver selection in smartcard plugin
Resolves: #614672
[...]
> Question is, gdm-smartcard-worker here says that nss db successfully loaded,
> but it is still loading the libcoolkeypk11.so, is that right?
Nope.
> I figure coolkeypk11 didn't play nice with my card, since it's not a coolkey
> card. (I'm not really read-up on this area so correct me if I'm wrong, but we
> use SetCOS on our cards, therefore I use opensc instead....)
Yea, sounds right.
> So I removed /usr/lib64/pkcs11/libcoolkeypk11.so and made a symlink to
> /usr/local/lib/opensc-pkcs11.so instead (just to not recompile and change it
> there).
hmm, that might work.
> Here's the output of that experiment,
>
> *** DEBUG: watching for smartcard insertion and removal events
> *** DEBUG: initializing smartcard manager
> *** DEBUG: attempting to load NSS database '/etc/pki/nssdb'
> *** DEBUG: NSS database sucessfully loaded
> *** DEBUG: attempting to load driver...
> *** DEBUG: loading smartcard driver using spec
> 'library="/usr/lib64/pkcs11/libcoolkeypk11.so"'
> *** DEBUG: waiting for card event
> *** DEBUG: initializing smartcard
> *** DEBUG: initializing smartcard
> *** DEBUG: initializing smartcard
> *** DEBUG: initializing smartcard
> *** DEBUG: initializing smartcard
> *** DEBUG: smartcard manager started
> *** DEBUG: could not process card event - encountered unexpected error while
> waiting for smartcard events
>
> Clearly it seems to load that module instead, but it seems like some other
> issue here... Any ideas?
This means NSS is failing from SECMOD_WaitForAnyTokenEvent ().
Unfortunately, it would take some debugging to figure out why.
Does
pkcs11_eventmgr debug nodaemon
give any insights?
>>> That's only a fallback. Normally, the procedure is to register the
>>> pkcs11 driver in the secmod database in /etc/pki/nssdb using pk11install.
>>> Packages should be doing this in their %post scripts.
>>> Then the smartcard worker will automatically pick it up.
>
> Well I manually registered the opensc library to the secmod database, using
> the modutil command as follows,
> $ /usr/bin/modutil -force -dbdir /etc/pki/nssdb -add OpenSC -libfile
> /usr/local/lib/opensc-pkcs11.so
That should be fine. It's just I think you're getting hit by a bug
that was fixed a few versions after the version of gdm you have
installed.
>>> Ah, are you using RHEL 6?
> Yes, the beta 2-refresh release.
There have been a number of gdm smartcard fixes since then.
Unfortunately, I don't know dates when they'll be released.
--Ray
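
Added example, not part of the message above and not gdm or NSS code: a shell check for the situation discussed in the thread, where a PKCS#11 module is registered in the secmod database but the worker's debug log shows a different library being loaded. The `modutil -list` output layout, the sample data and the function names are assumptions constructed for illustration.

```shell
#!/bin/sh
# Compare the driver gdm-smartcard-worker loaded with the PKCS#11 modules
# registered in the NSS secmod database.

# Constructed sample of `modutil -list -dbdir /etc/pki/nssdb` output
# (layout assumed; only the "library name:" lines are used).
sample_modutil() {
cat <<'EOF'
Listing of PKCS #11 Modules
  1. NSS Internal PKCS #11 Module
     slots: 2 slots attached
    status: loaded
  2. OpenSC
    library name: /usr/local/lib/opensc-pkcs11.so
     slots: There are no slots attached to this module
    status: loaded
EOF
}

# Worker debug lines as quoted in the thread (spec wrapped onto its own line).
sample_log() {
cat <<'EOF'
*** DEBUG: NSS database sucessfully loaded
*** DEBUG: attempting to load driver...
*** DEBUG: loading smartcard driver using spec
'library="/usr/lib64/pkcs11/libcoolkeypk11.so"'
EOF
}

# stdin: modutil listing -> one registered library path per line
registered_libs() { sed -n 's/^[[:space:]]*library name:[[:space:]]*//p'; }

# stdin: worker debug log -> path from the first library="..." spec
loaded_lib() { sed -n 's/.*library="\([^"]*\)".*/\1/p' | head -n 1; }

# $1 = modutil listing, $2 = worker log
# Prints "registered <path>" (rc 0), "fallback <path>" (rc 1) or "unknown" (rc 2).
check_driver() {
    loaded=$(printf '%s\n' "$2" | loaded_lib)
    [ -n "$loaded" ] || { echo "unknown"; return 2; }
    if printf '%s\n' "$1" | registered_libs | grep -Fxq -- "$loaded"; then
        echo "registered $loaded"; return 0
    fi
    echo "fallback $loaded"; return 1
}

# Run on the constructed samples; "fallback" means secmod was not honoured.
check_driver "$(sample_modutil)" "$(sample_log)" || true
```

On a real system, pass the output of `modutil -list -dbdir /etc/pki/nssdb` and the captured worker log as the two arguments instead of the samples.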