Todd Denniston wrote:
Cool, it would be nice to be able to read a log that is not disappearing while trying to figure out what is going wrong.
FWIW, RedHat has a bunch of patches against 0.5.3 checked into FC5. Most interesting is they converted it over from OpenSSL to NSS for cert processing and enabled OCSP. I'm going to try to port these over to svn230 (rather than reinvent the wheel, plus NSS has a FIPS certificate and OpenSSL's keeps getting held up ;).
Juan, if you're listening, you probably want to check them out too.
Speaking of which are you actually getting pam_pkcs11 to let you login with a cac while using coolkey's pkcs11 lib?
I am having a fault near what I think is the end of the transactions, which we think is related to the card logout stuff. I am trying to use pam_pkcs11-0.5.3 so you might have a better version from svn.
If pkcs11_inspect and pklogin_finder work, it should be good to go. I did have a problem with libmusclepkcs11 & pam_pkcs11 when invoked from login (rather than sudo or gdm), but it went away when I subbed in libcoolkeypk11.
Post up the debug logs--not just from pam_pkcs11, but from coolkey (set COOL_KEY_LOG_FILE in the environment to point somewhere, and the module will dutifully log what it's doing)--and let's see what it's doing.
-- Tim
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Muscle mailing list [email protected] http://lists.drizzle.com/mailman/listinfo/muscle
