Douglas E. Engert wrote:
OpenSC-0.11.0 has PIV support via PKCS#11. The intent was to provide the client side routines. But for testing the piv-tool can initialize some test cards if you know the keys and particulars of the card you are using.
OpenSC is on my plate, if for no other reason than the PIV support that's going in. It's not my current top priority because of the lack of CAC support, and for now CAC takes precedence over PIV because of the current and upcoming JTF-GNO orders requiring smartcard login to DoD systems.
FWIW I've got pam_pkcs11.so working (mostly). I still need to resolve the libmusclepkcs11.so session_FreeSession bug in an appropriate fashion, but I know that once that's done I'll have login to local accounts smartcard-enabled.
There are still a few rough edges--gksu doesn't work with pam_pkcs11 (or pam_p11 or pam_musclecard) for some reason I've not poked at yet (I logged a bug against it, but the author hasn't gotten back to me on it). Also, pam_pkcs11 works fine with gdm and sudo but *not* with login--it crashes in C_GetFunctionList--despite all three loading the *exact same* PAM auth stack.
-- Tim
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Muscle mailing list [email protected] http://lists.drizzle.com/mailman/listinfo/muscle
