Hi, > Whenever a user is using wget to fetch a webpage via https, I'll get
p11-kit and dependencies are not directly used by wget, but your wget is likely build with GnuTLS (check it !). I know that GnuTLS is using p11-kit, especially Redhat/Fedora are the driving force behind it. So the next step further down is to ask on the gnutls mailing list (gnutls- h...@lists.gnutls.org or gnutls-de...@lists.gnutls.org). But be prepared to be redirected to somewhere else. Looking at the error messages... are you sure that your user (userid 48) has all permissions (maybe certain group membership) ? Regards, Tim On Samstag, 28. Oktober 2017 08:36:43 CEST Ted Lyngmo wrote: > Hi! > > wget 1.19.1-3.fc26 > p11-kit 0.23.9-2.fc26 > opensc 0.17.0-1.fc26 > pcsc-lite 1.8.22-1.fc26 > polkit 0.113-8.fc26 > > Whenever a user is using wget to fetch a webpage via https, I'll get > messages like this in /var/log/messages: > > 2017-09-21T10:54:35+02:00 ninja pcscd[2721]: 03445385 > auth.c:137:IsClientAuthorized() Process 48952 (user: 48) is NOT > authorized for action: access_pcsc > 2017-09-21T10:54:35+02:00 ninja pcscd[2721]: 00000279 > winscard_svc.c:335:ContextThread() Rejected unauthorized PC/SC client > > This started after upgrading to F26 (or possibly F25 which was installed > for a few days). I have no idea why wget (via one of the libraries > involved) would try to access the smart card reader without the user > telling it to. Even though it fails getting access to a reader (which > I've currently got none), the https pages are received just fine. > > curl works without triggering these kinds of messages. > > I'm not sure if it's actually wget's fault or if it's one of the libs > it's using that's to blame. > > References > ---------- > Fedora forum: > https://forums.fedoraforum.org/showthread.php?t=315778 > > Discussion with pcsc's creator who helped me narrowing the problem down > a bit: > https://github.com/LudovicRousseau/PCSC/issues/26 > > Denied bug report in polkit: > https://bugs.freedesktop.org/show_bug.cgi?id=103483 > > Br, > Ted > > Ps. I added two polkit rules to grant everyone smart card access to stop > the log messages, but can't keep it like that if I decide to connect a > smart card reader.
signature.asc
Description: This is a digitally signed message part.