[CentOS] Smart cards, mostly solved

Wed Dec 15 19:21:57 UTC 2010
m.roth at 5-cent.us <m.roth at 5-cent.us>

Jason Pyeron wrote:
>> [mailto:centos-bounces at centos.org] On Behalf Of m.roth at 5-cent.us
>>
>> So, it *seems* to be working, pretty much. I needed to
>> install opensc, openct, pcsc-lite, and pcsc-lite-openct;
>> ctapi-common will be installed as a dependency.
>
> Awesome.

Glad to help. Don't see any reason for anyone else to tear out their hair
when there's a solution. Especially given that a) this is all open source, and
b) I work for a federal contractor, so this is defined as public domain info.
>
>>
>> I *removed* coolkey and esc, which depended on it. 100% of
>> the time, they misidentified the new/current US federal ID
>> PIV-II cards as coolkey cards, and popped up this "phone
>> home" window, then a "manage smartcards" window.
>>
>> Without them, I also don't see an icon in the taskbar... but
>> using ssh-add (actually, my manager built openssh, opensc and
>> openct from current source, 5.4? 5.5?, and renamed stuff to
>> piv-....), so I do piv-ssh-add -s opensc-pkcs11.so, and it
>> adds the card. Before you do that, configure
>> /etc/pam_pkcs11/pam_pkcs11.conf so that
>>
>>       # Filename of the PKCS #11 module. The default value is "default"
>>       use_pkcs11_module = opensc;
>>
>> and you may have to decide on a mapper. Then restart pcscd,
>> and you should be good to go.
>>
>> At any rate, no wrong/confusing windows, and logins work. I
>> do note that if I try to use my regular password, I need to
>> pull my card out of the reader.
>>
>
> I am going to try to duplicate this. With my CAC I got in October (should
> be a PIV II).

Try this, once you've got the reader plugged in, and pcscd running:

To list all the public certificates on a PIV card do

pkcs15-tool --list-public-keys

At this point, there are websites out there with more info on cert
extraction and installation. Note that your security org should have a CA
cert that you'll need to install.

>
>> On a related note, from WinDoze, there's a version of putty
>> that works
>> <http://www.risacher.org/putty-cac/putty-cac-experimental/windows/?C=N;O=D>.
>> Once installed, when you bring up the putty window, click on
>> expand ssh, then click on pkcs. The one thing needed is the
>> right dll, which, if you're running a 64-bit system and
>> using, say, ActivIdentity, is c:\Program Files
>> (x86)\ActivIdentity\ActivClient\acpkcs211.dll
>>
>> MAKE SURE you get the right .dll; if you're running 32 bit,
>> it will be the other one.
>>
> Going to try this right now.
>
Good luck.

         mark
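The steps above (opensc/pcsc-lite in, coolkey and esc out, pam_pkcs11 pointed at the opensc module, then pkcs15-tool and the PKCS#11-aware ssh tools against the card) can be wrapped in a small check script. The following is an added example and not part of Mark's post or of OpenSC; it assumes the 64-bit module path /usr/lib64/opensc-pkcs11.so and the default pam_pkcs11.conf location, both overridable through environment variables, and that the OpenSSH in use is 5.4 or later, where ssh-keygen -D and ssh-add -s take a PKCS#11 module.

```shell
#!/bin/sh
# Added example (not from the original thread): sanity checks for the
# PIV/CAC setup described on the list. Assumptions (mine, adjust to your
# box): module at /usr/lib64/opensc-pkcs11.so, conf at the default path.

PKCS11_MODULE="${PKCS11_MODULE:-/usr/lib64/opensc-pkcs11.so}"
PAM_PKCS11_CONF="${PAM_PKCS11_CONF:-/etc/pam_pkcs11/pam_pkcs11.conf}"

# Print the value of use_pkcs11_module from a pam_pkcs11.conf. The shipped
# file documents the option in a "#" comment that itself contains the word
# "default", so comments are stripped before the assignment is looked for.
pkcs11_module_from_conf() {
    sed 's/#.*$//' "$1" \
      | grep '^[[:space:]]*use_pkcs11_module[[:space:]]*=' \
      | head -n 1 \
      | sed 's/^[^=]*=[[:space:]]*//; s/[[:space:]]*;.*$//'
}

# Returns 0 if the conf selects opensc, 1 otherwise (e.g. still "default").
conf_uses_opensc() {
    [ "$(pkcs11_module_from_conf "$1")" = "opensc" ]
}

# Returns 0 if neither of the packages that grab PIV-II cards is installed.
coolkey_absent() {
    for p in coolkey esc; do
        if rpm -q "$p" >/dev/null 2>&1; then
            echo "$p is still installed; remove it" >&2
            return 1
        fi
    done
    return 0
}

# Card-side checks; need the reader plugged in and pcscd running.
show_card() {
    [ -f "$PKCS11_MODULE" ] || { echo "missing $PKCS11_MODULE" >&2; return 1; }
    command -v pkcs15-tool >/dev/null 2>&1 \
        || { echo "pkcs15-tool (opensc) not installed" >&2; return 1; }
    echo "== public keys on the card =="
    pkcs15-tool --list-public-keys
    echo "== certificates on the card =="
    pkcs15-tool --list-certificates
    echo "== keys OpenSSH sees through the module (authorized_keys format) =="
    ssh-keygen -D "$PKCS11_MODULE"
}

# Full check. Usage: . ./piv_check.sh && piv_check
piv_check() {
    conf_uses_opensc "$PAM_PKCS11_CONF" \
        || { echo "$PAM_PKCS11_CONF: use_pkcs11_module is not opensc" >&2; return 1; }
    coolkey_absent || return 1
    show_card
}
```

Once piv_check passes, `ssh-add -s "$PKCS11_MODULE"` loads the card into the agent (the same call Mark's renamed piv-ssh-add makes), and the lines printed by ssh-keygen -D are what goes into the remote authorized_keys. If the conf check fails while the card is still recognised, you are most likely still running the coolkey module and will see the "phone home" window described above.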