[CentOS] Firefox fails to authenticate .mil sites with New DoD CAC
Cal Webster
cwebster at ec.rr.com
Thu Dec 4 16:11:20 UTC 2014
On Thu, 2014-12-04 at 08:08 -0500, mark wrote:
> On 12/03/14 17:34, Cal Webster wrote:
> > Can anyone help with getting the new DoD CACs (Smart Card) to work in
> > CentOS 6.6? I don't use it for console logins, only for email and .mil
> > web sites.
> >
> > I recently had to get a new DoD CAC (Smart Card) when one of the
> > buildings I work in upgraded their security system. My old CAC was
> > working fine prior to this for signing and encrypting email and for
> > authenticating to various DoD (.mil) sites from the Internet using the
> > coolkey libraries.
>
> Dunno 'bout the new CaC keys, but they "upgraded" our PIV cards to 128? 256? I
> forget, earlier this year, and I *think* I remember my manager pushing an
> enhancement on upstream, and since then we've had no trouble with coolkey
> accessing them. The two *should* be identical.
Was source for this upstream enhancement released to the community? Not
sure what you meant by "The two" - you mean coolkey and cackey?
> <snip>
> > I've tried installing and loading the latest "cackey" libraries (see
>
> I know nothing about cackey libraries, but it's possible that, and pcscd are
> arguing.
>
> I don't see pcscd installed.
pcsc-lite-1.5.2-14.el6.x86_64 (listed on original post) contains pcscd.
Sure that's possible but I see nothing to support that in the system
logs.
I just got a cackey developer contact on forge.mil today from a Civil
Svc engineer who does have access so I'll send him my data too.
Thanks Mark.
> mark
> <snip>
> > More relevant information below...
> >
> > Smart Card Reader:
> > SCM Microsystems Inc. SCR3310 USB Smart Card Reader (21120628202509) 00
> > 00-0
> >
> > Old CAC: GEMAL TO TOPDL GX4 144
> > New CAC: G&D FIPS 201 SCE 3.2
> >
> >
> > [root at inet3 ~]# cat /etc/redhat-release
> > CentOS release 6.6 (Final)
> > [root at inet3 ~]# uname -a
> > Linux inet3 2.6.32-504.1.3.el6.x86_64 #1 SMP Tue Nov 11 17:57:25 UTC
> > 2014 x86_64 x86_64 x86_64 GNU/Linux
> > [root at inet3 ~]#
> >
> > Installed Packages
> >
> > coolkey.i686 1.1.0-32.el6 @base
> > coolkey.x86_64 1.1.0-32.el6 @base
> > firefox.i686 31.2.0-3.el6.centos @updates
> > firefox.x86_64 31.2.0-3.el6.centos @updates
> > thunderbird.x86_64 31.2.0-3.el6.centos @updates
> > pcsc-lite.x86_64 1.5.2-14.el6 @base
> > pcsc-lite-devel.x86_64 1.5.2-14.el6 @base
> > pcsc-lite-libs.x86_64 1.5.2-14.el6 @base
> > nss.i686 3.16.1-14.el6 @base
> > nss.x86_64 3.16.1-14.el6 @base
> > nss-devel.x86_64 3.16.1-14.el6 @base
> > nss-softokn.i686 3.14.3-18.el6_6 @updates
> > nss-softokn.x86_64 3.14.3-18.el6_6 @updates
> > nss-softokn-devel.x86_64 3.14.3-18.el6_6 @updates
> > nss-softokn-freebl.i686 3.14.3-18.el6_6 @updates
> > nss-softokn-freebl.x86_64 3.14.3-18.el6_6 @updates
> > nss-softokn-freebl-devel.x86_64 3.14.3-18.el6_6 @updates
> > nss-sysinit.x86_64 3.16.1-14.el6 @base
> > nss-tools.x86_64 3.16.1-14.el6 @base
> > nss-util.i686 3.16.1-3.el6 @base
> > nss-util.x86_64 3.16.1-3.el6 @base
> > nss-util-devel.x86_64 3.16.1-3.el6 @base
> >
> >
> > [root at inet3 ~]# modutil -list -dbdir /etc/pki/nssdb
> >
> > Listing of PKCS #11 Modules
> > -----------------------------------------------------------
> > 1. NSS Internal PKCS #11 Module
> > slots: 2 slots attached
> > status: loaded
> >
> > slot: NSS Internal Cryptographic Services
> > token: NSS Generic Crypto Services
> >
> > slot: NSS User Private Key and Certificate Services
> > token: NSS Certificate DB
> >
> > 2. CoolKey PKCS #11 Module
> > library name: libcoolkeypk11.so
> > slots: 1 slot attached
> > status: loaded
> >
> > slot: SCM Microsystems Inc. SCR3310 USB Smart Card Reader (21120628202
> > token: WEBSTER.CALVIN.DALE.9427154028
> >
> > 3. cackey
> > library name: libcackey.so
> > slots: 2 slots attached
> > status: loaded
> >
> > slot: CACKey Slot
> > token: WEBSTER.CALVIN.DALE.9427154028
> >
> > slot: CACKey Slot
> > token: DoD Certificates
>
More information about the CentOS
mailing list