On Sun, Apr 5, 2020 at 4:27 PM nschehovin--- via CentOS <centos at centos.org> wrote: > Hi Tony, > Have you solved this problem yet?I took another approach and used CACkey > which supportsUS Government PIV cards including the CAC. In my case I set > it up on Linux Mint but there is an rpm version of CACKey for 32 or 64 bit > Centos.Here is the process I went through. > - setup CAC card by following instructions on: > https://help.ubuntu.com/community/CommonAccessCard > sudo apt-get install libpcsclite1 pcscd pcsc-tools > - download CACkey from https://cackey.rkeene.org/fossil/index > sudo dpkg -i cackey_0.7.5-1_amd64.deb > The above command failed with: > "dpkg: error processing archive cackey_0.7.5-1_amd64.deb (--install): > unable to create '/libcackey.so.dpkg-new' (while processing > './usr/lib64/libcackey.so'): No such file or directory > dpkg-deb: error: paste subprocess was killed by signal (Broken pipe) > Errors were encountered while processing: > cackey_0.7.5-1_amd64.deb" > > - as root I created the directory /usr/lib64 and ran the command > again!!!!!!It Worked!!!!!!! > - ran command pcsc_scan and it found my CAC > - had to manually install the DoD root certificates > - certificates were manually installed one at a time for both Thunderbird > and Firefox > It turned out to be much easier than I thought it would to get my PIV > working on a Linux machine. > Hope that helps.Ed > > > On Thursday, April 2, 2020, 1:37:32 PM EDT, Tony Schreiner < > anthony.schreiner at bc.edu> wrote: > > On Thu, Apr 2, 2020 at 12:47 PM Tony Schreiner <anthony.schreiner at bc.edu> > wrote: > > > CentOS 7, In firefox -> privacy & security -> certificates -> security > > devices > > i am trying to load the pkcs11 modules, but get the error unable to > load. > > > > I am following the directions at > > https://piv.idmanagement.gov/engineering/firefox/ > > > > I have installed opensc and openssl-pkcs11, which > > contains /usr/lib64/openssl/engines/pkcs11.so > > and am using that is the module > > > > Has anybody here done that, and can offer advice? > > > > Answering myself, though not completely solved. > > I should have instead been loading /usr/lib64/opensc-pksc11.so > _______________________________________________ > > I was advising someone at a remote site, so didn't see the full experience. But once I provided the correct path for the module, he was able to load it and complete the authentication. Sorry I don't have more details. But thanks for the info, I'll save it. Tony