Re: [Pki-users] ESC doesn't recognize smartcard / standalone operation?
Bryce,
To piggyback on what Jack was saying, I'd like to confirm your usecase that you're
only using the cards to authenticate into a system. Can you confirm the cards you're
using and what OS you're trying to enable?
This is a pretty solid doc on how to do this:
https://docs.fedoraproject.org/en-US/Fedora//html/Security_Guide/sect-Sec...
I would recommend looking more deeply into pam_pkcs11 as it provides several mechanisms by
which you can authenticate, so picking the right one for you may take some reading. Happy
to help!
----- Original Message -----
From: "John Magne" <jmagne(a)redhat.com>
To: "Bryce L Nordgren -FS" <bnordgren(a)fs.fed.us>
Cc: pki-users(a)redhat.com
Sent: Monday, May 18, 2015 1:03:45 PM
Subject: Re: [Pki-users] ESC doesn't recognize smartcard / standalone
operation?
Bryce:
I would imagine that the smart card manager relies upon coolkey to
recognize
cards.
As per your other question, I think you are fine. The whole TMS
system
ESC/TPS is used to
provision cards with the coolkey applet. For other types of cards it will do
nothing but
display some minor information about the token.
----- Original Message -----
> From: "Bryce L Nordgren -FS" <bnordgren(a)fs.fed.us>
> To: pki-users(a)redhat.com
> Sent: Saturday, May 16, 2015 3:03:17 PM
> Subject: [Pki-users] ESC doesn't recognize smartcard / standalone
> operation?
>
>
>
> My system is to the point where command line interaction with the smart
> card
> behaves as expected, as long as I use the OpenSC middleware to pam_pkcs11,
> and not coolkey. Using pklogin_finder asks for the PIN, verifies the
> certificates, and maps the user to a local system account. System details
> in
> previous thread:
> https://www.redhat.com/archives/pki-users/2015-April/msg00041.html
>
>
>
> My expectation was that the “smart card manager” should pop up when the
> card
> is inserted. It doesn’t. I can type “esc” at the command line, and it says
> “No Cards Present” with everything greyed out. Likewise, inserting the
> smart
> card at the login prompt does nothing. There _ is _ an “./escd” process
> running. Is ESC hardwired to use coolkey, which can’t read my card? How can
> I debug this?
>
>
>
> Final question: Am I correct to assume that my situation does not call for
> a
> TPS, TKS, or even a CA? I must not touch the info on these smart cards:
> Never format, never issue certs, never save, never change. My machines just
> need to respect a totally external PKI infrastructure: ask for PIN, verify
> cert against the CA bundle, and start a login session. For any of the
> things
> I would need a PKI infrastructure for, I need to make an appointment at a
> GSA Credentialing Center, then physically show up with two forms of ID in
> hand.
>
>
>
> Many thanks for your helpful advice!
>
> Bryce
>
> _______________________________________________
> Pki-users mailing list
> Pki-users(a)redhat.com
> https://www.redhat.com/mailman/listinfo/pki-users
_______________________________________________
Pki-users mailing list
Pki-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/pki-users
Attachments:
- attachment.html (text/html — 4.1 KB)