> IIRC from another mailing list I am on, the Fedora version may use
> `certutil` instead of pam_pkcs11's `make_hash_link.sh` to create links to
> each of the CAs, and I am not sure if they keep them (the CAs) in the same
> place as the normal pam_pkcs11.

I'll try to find certutil when I get home. Given that I need my CAC for
work, I can only debug my home computer at night. :(

> running `pkcs11_inspect debug` and making note of:
> A) did it ask for a PIN/Password.
> B) if it did (A), did it then spit out 'X.509 certificate found' and a
> little later 'certificate is valid'?

A) Yes
B) No

Let me find the cut and paste version of the info it printed.

tantalus 2% pkcs11_inspect
DEBUG:pam_config.c:262: argument pkcs11_inspect is not supported by this module
DEBUG:pkcs11.c:65: Initializing NSS ...
DEBUG:pkcs11.c:79: Initializing NSS ... with no db
DEBUG:pkcs11.c:89: ... NSS Complete
DEBUG:pkcs11_inspect.c:66: loading pkcs #11 module...
DEBUG:pkcs11.c:101: Looking up module in list
DEBUG:pkcs11.c:104: modList = 0x8d69458 next = 0x0
DEBUG:pkcs11.c:105: dllName= <null>
DEBUG:pkcs11.c:145: loading Module explictly, moduleSpec=<library="/usr/lib/pkcs11/libcoolkeypk11.so" name="SmartCard"> module=/usr/lib/pkcs11/libcoolkeypk11.so
DEBUG:pkcs11.c:181: load module complete
DEBUG:pkcs11_inspect.c:74: initialising pkcs #11 module...
DEBUG:pkcs11_inspect.c:87: no token available

tantalus 3% pkcs11_inspect
DEBUG:pam_config.c:262: argument pkcs11_inspect is not supported by this module
DEBUG:pkcs11.c:65: Initializing NSS ...
DEBUG:pkcs11.c:79: Initializing NSS ... with no db
DEBUG:pkcs11.c:89: ... NSS Complete
DEBUG:pkcs11_inspect.c:66: loading pkcs #11 module...
DEBUG:pkcs11.c:101: Looking up module in list
DEBUG:pkcs11.c:104: modList = 0x967f458 next = 0x0
DEBUG:pkcs11.c:105: dllName= <null>
DEBUG:pkcs11.c:145: loading Module explictly, moduleSpec=<library="/usr/lib/pkcs11/libcoolkeypk11.so" name="SmartCard"> module=/usr/lib/pkcs11/libcoolkeypk11.so
DEBUG:pkcs11.c:181: load module complete
DEBUG:pkcs11_inspect.c:74: initialising pkcs #11 module...
PIN for token: DEBUG:pkcs11_inspect.c:101: PIN = [XXXXXXX]
DEBUG:pkcs11.c:399: cert 0: found (HENNESSY.GREGORY.S.XXXXXXXXXX:CAC ID Certificate), "CN=HENNESSY.GREGORY.S.XXXXXXXXXX,OU=XXX,OU=PKI,OU=DoD,O=U.S. Government,C=US"
DEBUG:pkcs11.c:399: cert 1: found (HENNESSY.GREGORY.S.XXXXXXXXXX:CAC Email Signature Certificate), "CN=HENNESSY.GREGORY.S.XXXXXXXXXX,OU=XXX,OU=PKI,OU=DoD,O=U.S. Government,C=US"
DEBUG:mapper_mgr.c:172: Retrieveing mapper module list
DEBUG:mapper_mgr.c:73: Loading static module for mapper 'digest'
DEBUG:mapper_mgr.c:197: Inserting mapper [digest] into list
DEBUG:mapper_mgr.c:73: Loading static module for mapper 'cn'
DEBUG:mapper_mgr.c:197: Inserting mapper [cn] into list
DEBUG:mapper_mgr.c:73: Loading static module for mapper 'pwent'
DEBUG:mapper_mgr.c:197: Inserting mapper [pwent] into list
DEBUG:mapper_mgr.c:73: Loading static module for mapper 'uid'
DEBUG:mapper_mgr.c:197: Inserting mapper [uid] into list
DEBUG:mapper_mgr.c:73: Loading static module for mapper 'mail'
DEBUG:mapper_mgr.c:197: Inserting mapper [mail] into list
DEBUG:mapper_mgr.c:73: Loading static module for mapper 'subject'
DEBUG:mapper_mgr.c:197: Inserting mapper [subject] into list
DEBUG:mapper_mgr.c:73: Loading static module for mapper 'null'
DEBUG:mapper_mgr.c:197: Inserting mapper [null] into list
DEBUG:pkcs11_inspect.c:139: verifing the certificate for the key #1
DEBUG:cert_vfy.c:37: Verifying Cert: HENNESSY.GREGORY.S.XXXXXXXXXX:CAC ID Certificate (CN=HENNESSY.GREGORY.S.XXXXXXXXXX,OU=XXX,OU=PKI,OU=DoD,O=U.S. Government,C=US)
DEBUG:cert_vfy.c:41: Couldn't verify Cert: Peer's Certificate issuer is not recognized.
DEBUG:pkcs11_inspect.c:152: verify_certificate() failed:
DEBUG:pkcs11_inspect.c:139: verifing the certificate for the key #2
DEBUG:cert_vfy.c:37: Verifying Cert: HENNESSY.GREGORY.S.1228899166:CAC Email Signature Certificate (CN=HENNESSY.GREGORY.S.1228899166,OU=USN,OU=PKI,OU=DoD,O=U.S. Government,C=US)
DEBUG:cert_vfy.c:41: Couldn't verify Cert: Peer's Certificate issuer is not recognized.
DEBUG:pkcs11_inspect.c:152: verify_certificate() failed:
DEBUG:mapper_mgr.c:214: unloading mapper module list
DEBUG:mapper_mgr.c:137: calling mapper_module_end() digest
DEBUG:mapper_mgr.c:148: Module digest is static: don't remove
DEBUG:mapper_mgr.c:137: calling mapper_module_end() cn
DEBUG:mapper_mgr.c:148: Module cn is static: don't remove
DEBUG:mapper_mgr.c:137: calling mapper_module_end() pwent
DEBUG:mapper_mgr.c:148: Module pwent is static: don't remove
DEBUG:mapper_mgr.c:137: calling mapper_module_end() uid
DEBUG:mapper_mgr.c:148: Module uid is static: don't remove
DEBUG:mapper_mgr.c:137: calling mapper_module_end() mail
DEBUG:mapper_mgr.c:148: Module mail is static: don't remove
DEBUG:mapper_mgr.c:137: calling mapper_module_end() subject
DEBUG:mapper_mgr.c:148: Module subject is static: don't remove
DEBUG:mapper_mgr.c:137: calling mapper_module_end() null
DEBUG:mapper_mgr.c:148: Module null is static: don't remove
DEBUG:pkcs11_inspect.c:174: releasing pkcs #11 module...
DEBUG:pkcs11_inspect.c:177: Process completed
tantalus 4%

_______________________________________________
Muscle mailing list
[email protected]
http://lists.drizzle.com/mailman/listinfo/muscle
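
An added example (not part of the original message and not pam_pkcs11 code): a small Python triage of pkcs11_inspect debug output that answers the checklist questions quoted above and names the first stage that failed. The sample log is constructed in the format of the pasted output, and the verdict labels are this example's own.

```python
import re

# Constructed sample in the format of the debug output pasted above
# (the certificate name is a placeholder, not taken from the post).
SAMPLE = """\
DEBUG:pkcs11.c:79: Initializing NSS ... with no db
PIN for token: DEBUG:pkcs11_inspect.c:101: PIN = [XXXXXXX]
DEBUG:pkcs11.c:399: cert 0: found (DOE.JOHN.Q.XXXXXXXXXX:CAC ID Certificate), "CN=DOE.JOHN.Q.XXXXXXXXXX,OU=XXX,OU=PKI,OU=DoD,O=U.S. Government,C=US"
DEBUG:cert_vfy.c:41: Couldn't verify Cert: Peer's Certificate issuer is not recognized.
"""

DEBUG_RE = re.compile(r"DEBUG:[\w.]+:\d+: (.*)")
CERT_RE = re.compile(r"cert \d+: found \((.*?)\),")
FAIL_RE = re.compile(r"Couldn't verify Cert: (.*)")

def triage(log):
    """Collect the facts the checklist asks for from one debug run."""
    r = {"pin_prompted": False, "no_token": False, "nss_no_db": False,
         "certs_found": [], "verify_errors": [], "valid": 0}
    for raw in log.splitlines():
        # The PIN prompt has no newline, so it shares a line with DEBUG output.
        r["pin_prompted"] |= "PIN for token:" in raw
        m = DEBUG_RE.search(raw)
        if not m:
            continue
        msg = m.group(1)
        if msg.startswith("no token available"):
            r["no_token"] = True
        elif "with no db" in msg:
            r["nss_no_db"] = True
        elif (c := CERT_RE.match(msg)):
            r["certs_found"].append(c.group(1))
        elif (f := FAIL_RE.match(msg)):
            r["verify_errors"].append(f.group(1).strip())
        elif "certificate is valid" in msg:  # wording from the quoted checklist
            r["valid"] += 1
    return r

def diagnose(r):
    # First failed stage wins; the labels are this example's own.
    checks = [(r["no_token"], "no-token"),
              (not r["pin_prompted"], "no-pin-prompt"),
              (not r["certs_found"], "no-certs-on-token"),
              (any("issuer is not recognized" in e for e in r["verify_errors"]), "issuer-untrusted"),
              (bool(r["verify_errors"]), "verify-failed")]
    for failed, label in checks:
        if failed:
            return label
    return "ok" if r["valid"] else "unknown"
```

The debug run prints the PIN in clear text (`PIN = [...]`), so redact that line, as the poster did, before sharing a log.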
