Re: [gdm-list] Cannot get /usr/local/lib/opensc-pkcs11.so to work with gdm-smartcard-worker.

[Mr Dash Four <mr dash four googlemail com>]

Ray Strode <halfline <at> gmail.com> writes:

> There have been a number of gdm smartcard fixes since then.
> Unfortunately, I don't know dates when they'll be released.

Just picked up on this as I am having a very similar problem!

I am using Aladdin eToken 64k and have it configured to work properly with
opensc-pkcs11.so instead of libcoolkey (libcoolkey does NOT work). 

I can log in to the terminal (from console) without a hitch, but I cannot make
the gdm-smartcard-worker use my pkcs11 library instead of that not-so-cool-key
one. 

When I select the 'Smartcard authorisation' option from the gdm login it reads
the smartcard and it just does nothing after that. I know this is caused by the
coolkey library because I had exactly the same problem with the console log in
prior to switching to opensc. 

When I started the worker manually I am getting this:

==================
[root test1 pkcs11]# /usr/libexec/gdm-smartcard-worker
*** DEBUG: watching for smartcard insertion and removal events
*** DEBUG: initializing smartcard manager
*** DEBUG: attempting to load NSS database '/etc/pki/nssdb'
*** DEBUG: NSS database sucessfully loaded
*** DEBUG: attempting to load driver...
*** DEBUG: loading smartcard driver using spec
'library="/usr/lib64/pkcs11/libcoolkeypk11.so"'
*** DEBUG: waiting for card event
*** DEBUG: initializing smartcard 
*** DEBUG: smartcard manager started
*** DEBUG: got spurious remove event
*** DEBUG: waiting for card event
==================

And it just sits there waiting... I tried to create a symlink to
opensc-pkcs11.so (with the exact name of the libcoolkey.so as a target), but
when I start the worker I get exactly the same error as the OP:

==================
[root test1 pkcs11]# /usr/libexec/gdm-smartcard-worker 
*** DEBUG: watching for smartcard insertion and removal events
*** DEBUG: initializing smartcard manager
*** DEBUG: attempting to load NSS database '/etc/pki/nssdb'
*** DEBUG: NSS database sucessfully loaded
*** DEBUG: attempting to load driver...
*** DEBUG: loading smartcard driver using spec
'library="/usr/lib64/pkcs11/libcoolkeypk11.so"'

** (process:8980): CRITICAL **: _gdm_smartcard_new: assertion `slot_id >= 1' 
failed
*** DEBUG: waiting for card event
Segmentation fault (core dumped)
==================

I downloaded the gdm source, but cannot find any references to 'changing' the
code to accept slot_id = 0 or slot_id = 1 (in which my token is), so I am really
stuck with this and would appreciate any help. pklogin_finder, pkcs11_inspect as
well as console login works like they are supposed to. modutil lists all the
available slots below:

==================
[root test1 pkcs11]# modutil -list -dbdir /etc/pki/nssdb

Listing of PKCS #11 Modules
-----------------------------------------------------------
  1. NSS Internal PKCS #11 Module
	 slots: 2 slots attached
	status: loaded

	 slot: NSS Internal Cryptographic Services
	token: NSS Generic Crypto Services

	 slot: NSS User Private Key and Certificate Services
	token: NSS Certificate DB

  2. OpenSC PKCS #11 Module
	library name: opensc-pkcs11.so
	 slots: 16 slots attached
	status: loaded

	 slot: Aladdin eToken PRO 64 00 00
	token: zeek (zeek PIN)

	 slot: Aladdin eToken PRO 64 00 00
	token: 

	 slot: Aladdin eToken PRO 64 00 00
	token: 

	 slot: Aladdin eToken PRO 64 00 00
	token: 

	 slot: Virtual slot
	token: 

	 slot: Virtual slot
	token: 

	 slot: Virtual slot
	token: 

	 slot: Virtual slot
	token: 

	 slot: Virtual slot
	token: 

	 slot: Virtual slot
	token: 

	 slot: Virtual slot
	token: 

	 slot: Virtual slot
	token: 

	 slot: Virtual slot
	token: 

	 slot: Virtual slot
	token: 

	 slot: Virtual slot
	token: 

	 slot: Virtual slot
	token: 
-----------------------------------------------------------
==================

I am on up-to-date FC13, x86_64 and using gdm 2.30-2.