On Thu, 2014-12-04 at 08:08 -0500, mark wrote: > On 12/03/14 17:34, Cal Webster wrote: > > Can anyone help with getting the new DoD CACs (Smart Card) to work in > > CentOS 6.6? I don't use it for console logins, only for email and .mil > > web sites. > > > > I recently had to get a new DoD CAC (Smart Card) when one of the > > buildings I work in upgraded their security system. My old CAC was > > working fine prior to this for signing and encrypting email and for > > authenticating to various DoD (.mil) sites from the Internet using the > > coolkey libraries. > > Dunno 'bout the new CaC keys, but they "upgraded" our PIV cards to 128? 256? I > forget, earlier this year, and I *think* I remember my manager pushing an > enhancement on upstream, and since then we've had no trouble with coolkey > accessing them. The two *should* be identical. Was source for this upstream enhancement released to the community? Not sure what you meant by "The two" - you mean coolkey and cackey? > <snip> > > I've tried installing and loading the latest "cackey" libraries (see > > I know nothing about cackey libraries, but it's possible that, and pcscd are > arguing. > > I don't see pcscd installed. pcsc-lite-1.5.2-14.el6.x86_64 (listed on original post) contains pcscd. Sure that's possible but I see nothing to support that in the system logs. I just got a cackey developer contact on forge.mil today from a Civil Svc engineer who does have access so I'll send him my data too. Thanks Mark. > mark > <snip> > > More relevant information below... > > > > Smart Card Reader: > > SCM Microsystems Inc. SCR3310 USB Smart Card Reader (21120628202509) 00 > > 00-0 > > > > Old CAC: GEMAL TO TOPDL GX4 144 > > New CAC: G&D FIPS 201 SCE 3.2 > > > > > > [root at inet3 ~]# cat /etc/redhat-release > > CentOS release 6.6 (Final) > > [root at inet3 ~]# uname -a > > Linux inet3 2.6.32-504.1.3.el6.x86_64 #1 SMP Tue Nov 11 17:57:25 UTC > > 2014 x86_64 x86_64 x86_64 GNU/Linux > > [root at inet3 ~]# > > > > Installed Packages > > > > coolkey.i686 1.1.0-32.el6 @base > > coolkey.x86_64 1.1.0-32.el6 @base > > firefox.i686 31.2.0-3.el6.centos @updates > > firefox.x86_64 31.2.0-3.el6.centos @updates > > thunderbird.x86_64 31.2.0-3.el6.centos @updates > > pcsc-lite.x86_64 1.5.2-14.el6 @base > > pcsc-lite-devel.x86_64 1.5.2-14.el6 @base > > pcsc-lite-libs.x86_64 1.5.2-14.el6 @base > > nss.i686 3.16.1-14.el6 @base > > nss.x86_64 3.16.1-14.el6 @base > > nss-devel.x86_64 3.16.1-14.el6 @base > > nss-softokn.i686 3.14.3-18.el6_6 @updates > > nss-softokn.x86_64 3.14.3-18.el6_6 @updates > > nss-softokn-devel.x86_64 3.14.3-18.el6_6 @updates > > nss-softokn-freebl.i686 3.14.3-18.el6_6 @updates > > nss-softokn-freebl.x86_64 3.14.3-18.el6_6 @updates > > nss-softokn-freebl-devel.x86_64 3.14.3-18.el6_6 @updates > > nss-sysinit.x86_64 3.16.1-14.el6 @base > > nss-tools.x86_64 3.16.1-14.el6 @base > > nss-util.i686 3.16.1-3.el6 @base > > nss-util.x86_64 3.16.1-3.el6 @base > > nss-util-devel.x86_64 3.16.1-3.el6 @base > > > > > > [root at inet3 ~]# modutil -list -dbdir /etc/pki/nssdb > > > > Listing of PKCS #11 Modules > > ----------------------------------------------------------- > > 1. NSS Internal PKCS #11 Module > > slots: 2 slots attached > > status: loaded > > > > slot: NSS Internal Cryptographic Services > > token: NSS Generic Crypto Services > > > > slot: NSS User Private Key and Certificate Services > > token: NSS Certificate DB > > > > 2. CoolKey PKCS #11 Module > > library name: libcoolkeypk11.so > > slots: 1 slot attached > > status: loaded > > > > slot: SCM Microsystems Inc. SCR3310 USB Smart Card Reader (21120628202 > > token: WEBSTER.CALVIN.DALE.9427154028 > > > > 3. cackey > > library name: libcackey.so > > slots: 2 slots attached > > status: loaded > > > > slot: CACKey Slot > > token: WEBSTER.CALVIN.DALE.9427154028 > > > > slot: CACKey Slot > > token: DoD Certificates >