More info on this. I think it is an ID Ally bug. Looking at spy and opensc debug logs, it looks like the CSP is called when a card is removed, which sounds reasonable.

The Id Ally does C_Initialize, C_GetSlotList, a loop over the 8 slots for C_GetSlotInfo, then a C_Finalize. I then logged off and tried to log in again. Rather than another C_Initialize, as would be expected since C_Finalize was called last, Id Ally does a C_OpenSession.

The way I read PKCS#11 2.01 under C_Finalize it says: "C_Finalize is called to indicate that an application is finished with the Cryptoki library." If IdAlly wants to use the library again, it should call C_Initialize.

IdAlly tries some other things, and gets back in sync so the next login works.

But I would also think OpenSC should give an error if the C_OpenSession is called and C_Initialize has not been called. But it is not clear if Id Ally could get back in sync!

kamal kumar wrote:
> Hi,
> Today I tried certificate logon in XP with PIV card.
> As I told you before, first certificate logon after
> reboot succeeded. But the second logon failed.
>
> I have attached the opensc log files with this. This
> log file contains entries for first successful logon
> and second failed logon.
>
> Please give your opinion.
>
> Regards,
> Kamal.
> --- "Douglas E. Engert" <[EMAIL PROTECTED]> wrote:
>
>> kamal kumar wrote:
>>> Hi all,
>>> I tried certificate logon with "Identity Alliance CSP"
>>> and opensc-pkcs11 module in XP machine. The
>>> certificate logon works fine for the first time. But
>>> if we log off and again try to do certificate logon,
>>> the logon fails second time.
>>>
>>> I want to confirm whether it is an issue.
>> Works OK for me.
>>
>>> I analysed the opensc log files. I think following is
>>> the reason for the error. In XP, opensc-pkcs11 module
>>> maintains the pc/sc smartcard connection during the
>>> first certificate logon. And it uses the same pc/sc
>>> connection for the second certificate logon also. But
>>> since we removed and inserted the card in the middle
>>> for getting PIN prompt in winlogon, we are getting the
>>> error.
>> Sounds like the card failed to do an unlock() at some time
>> and so the pcsc connection might still be active.
>> What type/version of IdAlly, OpenSC, card and reader are
>> you using?
>>
>> I am using IdAlly-1.0, SCB-0.8 (
>> PIV card and pcmcia GemPC card.
>>
>> Note scb-0.8 is based on OpenSC-0.11.2 but the
>> version numbers in the opensc-pkcs11.dll say
>> 0.11.1.
>>
>>> Can anyone please tell me whether it is an issue and
>>> is there any way to solve this.
>>>
>>> Regards,
>>> Kamal.
>>>
>>> _______________________________________________
>>> opensc-devel mailing list
>>> [email protected]
>>> http://www.opensc-project.org/mailman/listinfo/opensc-devel
>>>
>> --
>>
>> Douglas E. Engert <[EMAIL PROTECTED]>
>> Argonne National Laboratory
>> 9700 South Cass Avenue
>> Argonne, Illinois 60439
>> (630) 252-5444
>>

--

Douglas E. Engert <[EMAIL PROTECTED]>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
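
The call-order rule discussed in the message above, as an added example that is not part of the original thread and is not code from OpenSC or Id Ally: a small C model of the Cryptoki initialized/finalized state, run over a constructed trace of the call sequence described. The names `p11_state`, `p11_step`, `p11_first_violation` and `id_ally_trace` are hypothetical; the `CKR_*` values are the PKCS#11 return codes.

```c
#include <stdio.h>
#include <string.h>

/* Return codes as defined by PKCS#11. */
#define CKR_OK                           0x000UL
#define CKR_CRYPTOKI_NOT_INITIALIZED     0x190UL
#define CKR_CRYPTOKI_ALREADY_INITIALIZED 0x191UL

/* Hypothetical model of the library-wide "initialized" flag. */
typedef struct { int initialized; } p11_state;

/* Return code a module enforcing the call order gives for `call`. */
unsigned long p11_step(p11_state *st, const char *call)
{
    if (strcmp(call, "C_GetFunctionList") == 0)
        return CKR_OK;                        /* allowed before C_Initialize */
    if (strcmp(call, "C_Initialize") == 0) {
        if (st->initialized)
            return CKR_CRYPTOKI_ALREADY_INITIALIZED;
        st->initialized = 1;
        return CKR_OK;
    }
    if (!st->initialized)                     /* every other call needs init */
        return CKR_CRYPTOKI_NOT_INITIALIZED;
    if (strcmp(call, "C_Finalize") == 0)
        st->initialized = 0;                  /* library is finished with */
    return CKR_OK;
}

/* Index of the first rejected call in the trace, or -1 if it is clean. */
int p11_first_violation(const char *const *trace, int n, unsigned long *rv)
{
    p11_state st = { 0 };
    *rv = CKR_OK;
    for (int i = 0; i < n; i++)
        if ((*rv = p11_step(&st, trace[i])) != CKR_OK)
            return i;
    return -1;
}

/* Constructed trace: the sequence described in the message (8 slots). */
static const char *const id_ally_trace[] = {
    "C_Initialize", "C_GetSlotList",
    "C_GetSlotInfo", "C_GetSlotInfo", "C_GetSlotInfo", "C_GetSlotInfo",
    "C_GetSlotInfo", "C_GetSlotInfo", "C_GetSlotInfo", "C_GetSlotInfo",
    "C_Finalize", "C_OpenSession",
};

int main(void)
{
    unsigned long rv;
    int i = p11_first_violation(id_ally_trace, 12, &rv);
    printf("call %d (%s) -> 0x%lx\n", i, i < 0 ? "none" : id_ally_trace[i], rv);
    return 0;
}
```

The same checker can be fed the function names pulled from a pkcs11-spy log to find where an application's call order diverges.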
