Alon Bar-Lev wrote:
On 10/21/06, Greg Hennessy <[EMAIL PROTECTED]> wrote:
Jesse I Pollard - CONTRACTOR wrote:
> You also likely don't want to do that anyway.
It seems my options are find a way to have ssh work with a CAC, or
disable ssh. I think I prefer the former.
Does your card support PKCS#11? If it does, please try my patch, available
at:
http://alon.barlev.googlepages.com/openssh-pkcs11
Best Regards,
Alon Bar-Lev.
Alon,
One note about your patches:
I am not sure why you had line ~414 in pkcs11.c going to logit vs debug, but
with it going to logit the ssh-add process (when ssh-agent was running as a
daemon) would get stuck at (IIRC) adding a provider. By changing the output
to debug it works ok. May I suggest you review the attached patch (which
worked against openssh-4.3p2pkcs11-0.13.patch.bz2 and
openssh-4.4p1pkcs11-0.14.patch.bz2) and make it do what might be more
appropriate than going to debug or logit.
Thanks for the work... with the right script doing the ssh-add's it works
quite well for CAC.
--
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
--- pkcs11.c.orig 2006-10-11 13:42:29.000000000 -0500
+++ pkcs11.c 2006-10-12 08:27:40.000000000 -0500
@@ -411,7 +411,7 @@
fCertIsPrivate ? 1 : 0
);
- logit (
+ debug (
"PKCS#11: Adding PKCS#11 provider '%s'",
provider
);
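Review bot: changing logit to debug for the "Adding PKCS#11 provider" message hides the symptom without explaining why emitting this line stalls ssh-add when ssh-agent runs as a daemon. With the call at debug, a default-level agent no longer records which provider module it loaded, and that is an event worth keeping in the log. If the stall is tied to where the daemonized agent's log output goes, it would presumably come back whenever the agent is run at debug level, and any other logit call on the same path would be affected too. I would suggest tracking down the output destination in the daemon case and fixing that, then keeping this message at logit or verbose rather than debug.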