Hi, I'm having issues getting smartcards working with SRSS31. I'm using Sunray 1Gs, running off SunFire v240s loaded with Solaris 10, and the Sun Payflex smartcards.
Basically, I've performed all of the directions as stated in this link: http://www.filibeto.org/~aduritz/truetrue/sunray/srss-sc-pers

My pam.conf has been changed so that the sunray specific sections also include the pam_smartcard.so config, and when I load up /usr/dt/bin/sdtsmartcardadmin it works fine. I'm able to load and configure the applets while the card is plugged into the sunray, install a group/user/pass/pin, install the new ATRs, etc.

When I boot, I'm using the utpolicy of -a -g -r card -m, so nobody without a card can get in, and the user/card has to be pre-registered.

So, when the Sunray is booted, it goes to an "insert card" icon ... if you insert the Payflex card, it connects up to one of the Sunray servers, and a dtlogin window is presented ... the username is grabbed off the smartcard, and at the top of the screen it says "Welcome <$username>" ... at the bottom, it says "Enter Pin:"

At this point, if you put the correct pin in the text field, it greys out the text field, waits 10 seconds and then produces a "Login incorrect; please try again." error window. If you type in the *wrong* pin, it doesn't give an error window at all and just returns to accepting input with no delay.
Here's the relevant conversation from /var/run/ocf.log when the correct pin is used:

  OCFService::lock timeout=10
  OCFCardHandle::lock
  OCFService::exchangeAPDU
  SRCOM: <exchange_APDU>
  sendAPDU: [00a40000023f00]
  recvAPDU: [9000]
  OCFService::exchangeAPDU
  SRCOM: <exchange_APDU>
  sendAPDU: [00a40000025f00]
  recvAPDU: [9000]
  OCFService::exchangeAPDU
  SRCOM: <exchange_APDU>
  sendAPDU: [00a40000025f40]
  recvAPDU: [9000]
  OCFService::exchangeAPDU
  SRCOM: <exchange_APDU>
  sendAPDU: [00200010083132333938370000]
  recvAPDU: [9000]
  OCFService::exchangeAPDU
  SRCOM: <exchange_APDU>
  sendAPDU: [00b2010408]
  recvAPDU: [31323334353600009000]
  OCFService::unlock
  OCFCardHandle::unlock
  OCFClientHandle::close
  OCFClientHandle::close

Here's the relevant conversation from /var/run/ocf.log when the "okay" button is pressed in the "Login incorrect; please try again." error window:

  OCFService::register
  OCFService::register, client handle=13
  SunRayCardTerminal: <getFilterKey(SunRayDTU|:2)>
  filterKey: [:2]
  SunRayCardTerminal: <getFilterKey(SunRayDTU|:3)>
  filterKey: [:3]
  SunRayCardTerminal: <isClientAuthorized(SunRayDTU|:3)>
  authorized: [true]
  client UID: [0]
  owner UID: [0]
  SunRayCardTerminal: <getFilterKey(SunRayDTU|:4)>
  filterKey: [:4]
  SunRayCardTerminal: <getFilterKey(SunRayDTU|:5)>
  filterKey: [:5]
  SunRayCardTerminal: <isClientAuthorized(SunRayDTU|:3)>
  authorized: [true]
  client UID: [0]
  owner UID: [0]
  OCFService::getCard terminalRawName=SunRayDTU|:3
  OCFService::register
  OCFService::register, client handle=14
  OCFService::lock timeout=10
  OCFCardHandle::lock
  OCFService::exchangeAPDU
  SRCOM: <exchange_APDU>
  sendAPDU: [00a40000023f00]
  recvAPDU: [9000]
  OCFService::exchangeAPDU
  SRCOM: <exchange_APDU>
  sendAPDU: [00a40000025f00]
  recvAPDU: [9000]
  OCFService::exchangeAPDU
  SRCOM: <exchange_APDU>
  sendAPDU: [00a40000025f30]
  recvAPDU: [9000]
  OCFService::exchangeAPDU
  SRCOM: <exchange_APDU>
  sendAPDU: [00b2010408]
  recvAPDU: [676C6F62616C00009000]
  OCFService::unlock
  OCFCardHandle::unlock

I'm somewhat at a loss at this point, never having set up smartcard servers before. Any help would be appreciated.

Thanks,
James

_______________________________________________
SunRay-Users mailing list
[email protected]
http://www.filibeto.org/mailman/listinfo/sunray-users
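Added example, not part of the original post or of any Sun tooling: an ocf.log trace in the format above records every APDU in full, including the data field of the ISO 7816-4 VERIFY command (INS 0x20) that carries the PIN, so this Python sketch masks VERIFY data and returned record data before a trace is shared, keeping command headers and status words for debugging. The function names and the SAMPLE trace are constructed for illustration, and short-form APDUs are assumed.

```python
import re

# ISO 7816-4 instruction bytes that appear in this trace format.
INS_NAMES = {0xA4: "SELECT", 0x20: "VERIFY", 0xB2: "READ RECORD"}
APDU_RE = re.compile(r"(sendAPDU|recvAPDU): \[([0-9A-Fa-f]*)\]")

def split_command(raw):
    """Split a short-form command APDU into (header [+ Lc], data, trailing Le)."""
    if len(raw) < 4:
        raise ValueError("command APDU shorter than its 4-byte header")
    if len(raw) <= 5:                      # header only, or header + Le
        return raw[:4], b"", raw[4:]
    lc = raw[4]
    if len(raw) < 5 + lc:
        raise ValueError("Lc exceeds the bytes present")
    return raw[:5], raw[5:5 + lc], raw[5 + lc:]

def redact_apdu(kind, hex_apdu):
    """Return the APDU as hex with sensitive bytes replaced by '**'."""
    raw = bytes.fromhex(hex_apdu)
    if kind == "sendAPDU":
        head, data, le = split_command(raw)
        if head[1] == 0x20:                # VERIFY: data field is the PIN
            return head.hex() + "**" * len(data) + le.hex()
        return raw.hex()
    if len(raw) < 2:
        raise ValueError("response APDU lacks a status word")
    # Response: keep the 2-byte status word, mask any returned data.
    return "**" * (len(raw) - 2) + raw[-2:].hex()

def redact_log(text):
    """Redact every sendAPDU/recvAPDU entry in a log excerpt."""
    return APDU_RE.sub(
        lambda m: f"{m.group(1)}: [{redact_apdu(m.group(1), m.group(2))}]", text)

def command_names(text):
    """Name each command APDU in order, for a quick view of the exchange."""
    ins = [bytes.fromhex(h)[1] for k, h in APDU_RE.findall(text) if k == "sendAPDU"]
    return [INS_NAMES.get(i, f"INS {i:02X}") for i in ins]

# Constructed sample in the same layout as the trace above (values are made up).
SAMPLE = """OCFService::exchangeAPDU
sendAPDU: [00a40000023f00]
recvAPDU: [9000]
sendAPDU: [00200010083030303030300000]
recvAPDU: [9000]
sendAPDU: [00b2010408]
recvAPDU: [41424344454600009000]
"""

if __name__ == "__main__":
    print(command_names(SAMPLE))
    print(redact_log(SAMPLE))
```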
