On Thu, 2014-12-04 at 08:08 -0500, mark wrote:
On 12/03/14 17:34, Cal Webster wrote:
Can anyone help with getting the new DoD CACs (Smart Card) to work in CentOS 6.6? I don't use it for console logins, only for email and .mil web sites.
I recently had to get a new DoD CAC (Smart Card) when one of the buildings I work in upgraded their security system. My old CAC was working fine prior to this for signing and encrypting email and for authenticating to various DoD (.mil) sites from the Internet using the coolkey libraries.
Dunno 'bout the new CaC keys, but they "upgraded" our PIV cards to 128? 256? I forget, earlier this year, and I *think* I remember my manager pushing an enhancement on upstream, and since then we've had no trouble with coolkey accessing them. The two *should* be identical.
Was source for this upstream enhancement released to the community? Not sure what you meant by "The two" - you mean coolkey and cackey?
<snip> > I've tried installing and loading the latest "cackey" libraries (see
I know nothing about cackey libraries, but it's possible that, and pcscd are arguing.
I don't see pcscd installed.
pcsc-lite-1.5.2-14.el6.x86_64 (listed on original post) contains pcscd. Sure that's possible but I see nothing to support that in the system logs.
I just got a cackey developer contact on forge.mil today from a Civil Svc engineer who does have access so I'll send him my data too.
Thanks Mark.
mark
<snip> > More relevant information below... > > Smart Card Reader: > SCM Microsystems Inc. SCR3310 USB Smart Card Reader (21120628202509) 00 > 00-0 > > Old CAC: GEMAL TO TOPDL GX4 144 > New CAC: G&D FIPS 201 SCE 3.2 > > > [root@inet3 ~]# cat /etc/redhat-release > CentOS release 6.6 (Final) > [root@inet3 ~]# uname -a > Linux inet3 2.6.32-504.1.3.el6.x86_64 #1 SMP Tue Nov 11 17:57:25 UTC > 2014 x86_64 x86_64 x86_64 GNU/Linux > [root@inet3 ~]# > > Installed Packages > > coolkey.i686 1.1.0-32.el6 @base > coolkey.x86_64 1.1.0-32.el6 @base > firefox.i686 31.2.0-3.el6.centos @updates > firefox.x86_64 31.2.0-3.el6.centos @updates > thunderbird.x86_64 31.2.0-3.el6.centos @updates > pcsc-lite.x86_64 1.5.2-14.el6 @base > pcsc-lite-devel.x86_64 1.5.2-14.el6 @base > pcsc-lite-libs.x86_64 1.5.2-14.el6 @base > nss.i686 3.16.1-14.el6 @base > nss.x86_64 3.16.1-14.el6 @base > nss-devel.x86_64 3.16.1-14.el6 @base > nss-softokn.i686 3.14.3-18.el6_6 @updates > nss-softokn.x86_64 3.14.3-18.el6_6 @updates > nss-softokn-devel.x86_64 3.14.3-18.el6_6 @updates > nss-softokn-freebl.i686 3.14.3-18.el6_6 @updates > nss-softokn-freebl.x86_64 3.14.3-18.el6_6 @updates > nss-softokn-freebl-devel.x86_64 3.14.3-18.el6_6 @updates > nss-sysinit.x86_64 3.16.1-14.el6 @base > nss-tools.x86_64 3.16.1-14.el6 @base > nss-util.i686 3.16.1-3.el6 @base > nss-util.x86_64 3.16.1-3.el6 @base > nss-util-devel.x86_64 3.16.1-3.el6 @base > > > [root@inet3 ~]# modutil -list -dbdir /etc/pki/nssdb > > Listing of PKCS #11 Modules > ----------------------------------------------------------- > 1. NSS Internal PKCS #11 Module > slots: 2 slots attached > status: loaded > > slot: NSS Internal Cryptographic Services > token: NSS Generic Crypto Services > > slot: NSS User Private Key and Certificate Services > token: NSS Certificate DB > > 2. CoolKey PKCS #11 Module > library name: libcoolkeypk11.so > slots: 1 slot attached > status: loaded > > slot: SCM Microsystems Inc. SCR3310 USB Smart Card Reader (21120628202 > token: WEBSTER.CALVIN.DALE.9427154028 > > 3. cackey > library name: libcackey.so > slots: 2 slots attached > status: loaded > > slot: CACKey Slot > token: WEBSTER.CALVIN.DALE.9427154028 > > slot: CACKey Slot > token: DoD Certificates
-
Cal Webster