Hello again, I've fixed one of my problems with smartcard_netlogin, in case it helps anyone:
> # openssl ca -config SCA.cnf -name Root_CA -in ServerReq.pem -out ServerCert.pem > Using configuration from SCA.cnf > Enter PEM pass phrase: > Check that the request matches the signature > Signature ok > The Subjects Distinguished Name is as follows > domainComponent :PRINTABLE:'netproject' > commonName :PRINTABLE:'127.0.0.1' > The countryName field needed to be supplied and was missing > Error: Can't create Server-Certificate You need to follow the example LDAP configurations closer than I realised - my domainComponent base dn was the problem, it needs to be of the form "o=zhw, c=ch" so the countryName is supplied. I'll look into relaxing this constraint some day. David suggested that the GPR400 driver might be causing some trouble with Cryptoflex cards. Indeed it was - thanks for the tip! Setting pc_debug=1 for gpr400_cs.o reports "invalid procedure byte recvd<7>gpr400_ioctl(0, 0x800b6707)" in /var/log/messages (and dmesg) when I try tools from smartcard_login-0.1.1. However I've used both my GPC410 and ACF30 to format and use Cryptoflex cards for PAM authentication, which is an encouraging step forward allowing me to press on without the PCMCIA reader. Does anyone have any suggestions regarding this incompatibility between the GPR400 driver and Cryptoflex cards? The pcscd debug output doesn't seem interesting, so presumably I need a driver patch. If it's not being actively developed I guess I'll have to go deeper into this code than I'd hoped, or else buy a better supported reader? Finally, smartcard_netlogin-0.1/scripts/create_net_login_ldap.pl seems to be having trouble starting TLS. Net::LDAP->start_tls reports an error code, but the function to lookup it's name is missing. I've used various versions of Net_SSLeay.pm, including the suggested 1.08, but none seem to work. Has anybody had any success with this? Thanks, Sean. -- __________________________________________________________ Sign-up for your own FREE Personalized E-mail at Mail.com http://www.mail.com/?sr=signup Get 4 DVDs for $.49 cents! plus shipping & processing. Click to join. http://adfarm.mediaplex.com/ad/ck/990-1736-3566-59 *************************************************************** Unix Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/ To unsubscribe send an email to [EMAIL PROTECTED] with unsubscribe sclinux *************************************************************** *************************************************************** Unix Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/ To unsubscribe send an email to [EMAIL PROTECTED] with unsubscribe sclinux *************************************************************** _______________________________________________ Muscle mailing list [EMAIL PROTECTED] http://lists.musclecard.com/mailman/listinfo/muscle
