On 11/01/13 18:13, Ludovic Rousseau wrote:
2013/1/11 Yoann Juet <[email protected]>:
Hi all,

hello,

We have used, on Ubuntu systems, cryptographic tokens 'Aladdin eToken PRO
64' for ssh public key authentication for many years now. Since the release
of Ubuntu 12.10 aka Quantal Quetzal we're facing a major problem. On a fresh
installation of Quantal with all updates, when I try to add keys provided by
the PKCS#11 library to the ssh authentication agent, I get the following
error:

irts~$ ssh-add -s /usr/lib/opensc-pkcs11.so
Enter passphrase for PKCS#11:
SSH_AGENT_FAILURE
Could not add card: /usr/lib/opensc-pkcs11.so

irts~$ opensc-tool -l
# Detected readers (pcsc)
Nr.  Card  Features  Name
0    Yes             Aladdin eToken PRO 64 00 00

The only workaround I found until now is stopping the service pcscd and
restarting it in foreground mode. Then, ssh-add authentication works as
expected:

You are not the first to report the problem. But I have no real idea
of where the problem comes from.

irts~$ sudo /etc/init.d/pcscd stop
irts~$ sudo pcscd -f
00000000 dyn_unix.c:81:DYN_GetAddress() IFDHCreateChannelByName:
/usr/lib/pcsc/drivers/openct-ifd.bundle/Contents/Linux/openct-ifd.so:
undefined symbol: IFDHCreateChann
00001577 ccid_usb.c:514:OpenUSBByName() Can't claim interface 2/5: -6

-6 is LIBUSB_ERROR_BUSY

00000048 ifdhandler.c:117:CreateChannelByNameOrChannel() failed
00000021 readerfactory.c:1009:RFInitializeReader() Open Port 0x200001 Failed
(usb:058f/9540:libudev:0:/dev/bus/usb/002/005)
00000006 readerfactory.c:312:RFAddReader() Alcor Micro AU9540 init failed.
00000027 hotplug_libudev.c:384:HPAddDevice() Failed adding USB device: Alcor
Micro AU9540
00000010 utils.c:95:CheckForOpenCT() File /var/run/openct/status found.
Remove OpenCT and try again
Error: Bad CTBCS APDU, ins=0x15

You have 2 readers: an Aladdin eToken Pro and an Alcor Micro AU9540. Exact?
You need to use OpenCT to drive your eToken.

I guess OpenCT also tries to use the Alcor Micro AU9540 and then pcscd
complains.

Hello Ludovic,

Yes, this laptop has two readers. But even on computers with a single reader, 'ssh-add' command fails.

> You can try to upgrade pcsc-lite to version 1.8.7.

Yeah, it works with the last version of pcsc-lite. I should have tested before posting... Thanks a lot for your assistance!


Bye



--
Université de Nantes - Direction des Systèmes d'Information
IM jabber: [email protected]
Tél: 02.53.48.49.26 - Fax: 02.53.48.49.09

_______________________________________________
Muscle mailing list
[email protected]
http://lists.musclecard.com/mailman/listinfo/muscle_lists.musclecard.com