Timothy J. Miller wrote:
Todd Denniston wrote:
Cool, it would be nice to be able to read a log that is not
disappearing while trying to figure out what is going wrong.

FWIW, RedHat has a bunch of patches against 0.5.3 checked into FC5. Most
interesting is they converted it over from OpenSSL to NSS for cert
processing and enabled OCSP. I'm going to try to port these over to
svn230 (rather than reinvent the wheel, plus NSS has a FIPS certificate
and OpenSSL's keeps getting held up ;).
Juan, if you're listening, you probably want to check them out too.

Speaking of which, are you actually getting pam_pkcs11 to let you log in
with a CAC while using coolkey's pkcs11 lib?
I am having a fault near what I think is the end of the transactions,
which we think is related to the card logout stuff. I am trying to use
pam_pkcs11-0.5.3 so you might have a better version from svn.

If pkcs11_inspect and pklogin_finder work, it should be good to go. I
did have a problem with libmusclepkcs11 & pam_pkcs11 when invoked from
login (rather than sudo or gdm), but it went away when I subbed in
libcoolkeypk11.

OK, pointing me back at pkcs11_inspect is a good catch; it faults too, and on
local issuer certificates... I forgot to run make_hash_link.sh.
OK, now my CAC works for login (as in /etc/pam.d/login) too.

Post up the debug logs--not just from pam_pkcs11, but from coolkey (set
COOL_KEY_LOG_FILE in the environment to point somewhere, and the module
will dutifully log what it's doing)--and let's see what it's doing.

Do you know how one would set COOL_KEY_LOG_FILE in the environment for
pam? I.e., it works when I am using it with firefox; my problem was with pam.
Thanks for the help
--
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter