[CentOS] CentOS 6, firefox, PIV cards

Wed Dec 7 22:07:04 UTC 2016
m.roth at 5-cent.us <m.roth at 5-cent.us>

Hi, Todd,

Denniston, Todd A CIV NAVSURFWARCENDIV Crane, JXVS wrote:
> m.roth at 5-cent.us further wrote:
> ##############
> m.roth at 5-cent.us wrote:
>>    Up until a few weeks ago, it worked as it has been for years:
>> firefox,security device is libcoolkey, and pcscd.
>>    Today, I go to use it (I have done updates sine I last used it), and
>> try preferences->advanced->certificates, and it hangs. My most recent
>> try was for over 20 min. If you move something over the window, then
>> move it away, it's a blank window. Pull out the card, and *some* of the
>> time, it pops up the window showing no certs, having never asked for a
>> PIN. The rest of the time, firefox crashes, hard.
>>    I know the pcscd part works - I used it via a script this morning
>> from the command line, as does pkcs15-tool from the command line.
>>    Anyone got any clues? Maybe I should downgrade (if I can) firefox?

Before I start, let me say it was resolved - my manager has a script that
does something to the profiles (which I need to look at). There's a good
chance that the Chain of Authorities had either expired, or gotten hosed
somehow (that's my guess).

> Not yet had the issue(s) but I do have some questions:
> 1) is this with the same physical PIV that you have been using "Up until a
> few weeks ago", that is did you (or the affected person) get a new PIV
> recently?


> 1a) does firefox have the certificate authorities loaded which cover the
> card in question (make sure to trace back to the root CA, there have been
> changes)?

It used to.
> 2) have you tried just `yum downgrade firefox` and see if it works?

Tried that.
> 4) interrupted updates?  i.e., `yum complete-transaction` (sp???)  `yum
> reinstall firefox nss coolkey pcscd`
Shouldn't have been any... though I did an update, and forgot to
disableexcludes, since I didn't feel like screwing with rebuilding my
NVidia driver.

> Even when this disclaimer is not here:
> I am not a contracting officer. I do not have authority to make or modify
> the terms of any contract.

Yeah, me neither.