Hi, I am trying to configure Smart Card authentication on CentOS7 using sssd version 2.2.2 (re-compiled from source, as the official repo for CentOS7 only has sssd 1.16.x, but we need the certmap features of sssd 2.x).
We use special smart card hardware (Gemalto PrimeID) which requires a custom library (provided to us from the vendor as RPM and DEB packages). The actual library gets installed to /usr/lib64/libeTPkcs11.so If I create a *.module file under either /usr/share/p11-kit/modules or /etc/pkcs11/modules pointing to /usr/lib64/libeTPkcs11.so, then the command 'p11tool --list-tokens' properly reads the smartCard and lists the tokens on it. However, running 'p11_child --pre' (per various other threads from Sumit Bose) does not even list our custom library (the libeTPkcs11.so) in the Default Module List, so it fails to read the SmartCard. The only modules listed are '[NSS Internal PKCS #11 Module]' and '[CoolKey PKCS #11 Module]' Is there some command I need to run in order to register our custom SmartCard library with NSS or P11-kit such that sssd's p11_child knows how to use it? How does p11_child locate the available smartCard libraries? _______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
