Re: [Muscle] Re: CAC without musclecard
From: Timothy J. Miller (tmillermitre.org)
Date: Thu Jul 27 2006 - 08:41:44 CDT
Todd Denniston wrote:
> Cool, it would be nice to be able to read a log that is not disappearing
> while trying to figure out what is going wrong.
FWIW, RedHat has a bunch of patches against 0.5.3 checked into FC5.
Most interesting is they converted it over from OpenSSL to NSS for cert
processing and enabled OCSP. I'm going to try to port these over to
svn230 (rather than reinvent the wheel, plus NSS has a FIPS certificate
and OpenSSL's keeps getting held up ;).
Juan, if you're listening, you probably want to check them out too.
> Speaking of which are you actually getting pam_pkcs11 to let you login
> with a cac while using coolkey's pkcs11 lib?
> I am having a fault near what I think is the end of the transactions,
> which we think is related to the card logout stuff. I am trying to use
> pam_pkcs11-0.5.3 so you might have a better version from svn.
If pkcs11_inspect and pklogin_finder work, it should be good to go. I
did have a problem with libmusclepkcs11 & pam_pkcs11 when invoked from
login (rather than sudo or gdm), but it went away when I subbed in
Post up the debug logs--not just from pam_pkcs11, but from coolkey (set
COOL_KEY_LOG_FILE in the environment to point somewhere, and the module
will dutifully log what it's doing)--and let's see what it's doing.