So, it *seems* to be working, pretty much. I needed to install
opensc, openct pcsc-lite, pcsc-lite-openct, and ctapi-common will be
installed as a dependency.
I *removed* coolkey and esc, which depended on it. 100% of the time, they
misidentifed the new/current US federal ID PIV-II cards as coolkey cards,
and popped up this "phone home" window, then a "manage smartcards" window.
Without them, I also don't see an icon in the taskbar... but using ssh-add
(actually, my manager built openssh, opensc and openct from current
source, 5.4? 5.5?, and renamed stuff to piv-....), so I do piv-ssh-add -s
opensc-pkcs11.so, and it adds the card. Before you do that... configure
/etc/pam_pkcs11/pam_pkcs11.conf so that
# Filename of the PKCS #11 module. The default value is "default"
use_pkcs11_module = opensc;
and you may have to decide on a mapper. Then restart pcscd, and you should
be good to go.
At any rate, no wrong/confusing windows, and logins work. I do note that
if I try to use my regular password, I need to pull my card out of the
reader.
On a related note, from WinDoze, there's a version of putty that works
<http://www.risacher.org/putty-cac/putty-cac-experimental/windows/?C=N;O=D>.
Once installed, when you bring up the putty window, click on expand ssh,
then click on pkcs. The one thing needed is the right dll, which, if
you're running a 64 bit system, and using, say, ActivIdentity, c:\Program
Files (x86)\ActivIdentity\ActivClient\acpkcs211.dll
MAKE SURE you get the right .dll; if you're running 32 bit, it will be the
other one.
mark