On 4/9/2011 4:08 PM, Viktor TARASOV wrote:
> Le 08/04/2011 22:08, Douglas E. Engert a écrit :
>> While testing a version r5313 of the cardmod driver on Vista 32bit
>> something has changed since 3/25 when I last tested it.
>>
>> Login to AD is failing.
>>
>> certutil works fine, I can do certutil -scinfo, and
>> certutil -store -user My and keys are verified as expected.
>>
>> Login reads the card, and shows the subject, asks for the
>> PIN, but shortly after there is a message about Login can not
>> use this card, see the Event Logs and contact the administrator.
>>
>> The only thing that looks strange is an event about the Card Reader
>> can not support IOCTL 0x313520. I have seen this event in the past,
>> and don't recall it being a problem.
>>
>> Going back to the opensc-cardmod.dll of 3/25 it still works with
>> login.


Good news, using:
http://www.opensc-project.org/downloads/nightly/win32/OpenSC-r5314.115.msi
Login to AD now works on Vista.

I uninstalled all the previous opensc code, and registry entries
and ran the msi. I copied opensc.conf.in to opensc.conf and
added to the registry a Calais entry that worked before, to use
the windows\system32\opensc-cardmod.dll installed by the msi.

What I had been doing for testing was to compile opensc on W7,
and install manually by copying files, including the opensc-cardmod.dll.

The build script looks like:
  rem setup vc 2008 environment in batch window
  call "%ProgramFiles%\Microsoft SDKs\Windows\v7.0\Bin\SetEnv.cmd"%1 %2 %3
  rem set INCLUDE=%INCLUDE%;C:\program files\Microsoft visual studio 8\vc\platformsdk\include\mfc
  color 72
with the parameters: /release /xp /x86

I need to go back and look at my build procedures to see what may have changed
that allows the LogonUI to find the card, read the certs and display the PIN prompt,
but lsaa would not use the card. I see that the msi is not using OpenSSL,
so this is a possible issue.



>>
>> I don't suspect the code for the GUID I am working on, as
>> certutil on Windows is showing the new GUID as expected.
>>
>> Is anyone else capable of testing Windows Login?
>>
>> Have any changes been made since 3/25 so that it might not run
>> under the LSA where there is no stdin, stdout or stderr,
>> and HKLM is not available?
>>
>> Any changes to locking?
>
> Afaiu, nothing suspicious has been done since r5271.
> Actually I do not have Windows Logon. Can you localize the faulty revision?
>
>
>> On 4/7/2011 12:56 PM, Douglas E. Engert wrote:
>>>
>>> On 4/7/2011 12:10 PM, Viktor TARASOV wrote:
>>>> Hello Douglas,
>>>>
>>>> Le 05/04/2011 15:36, Douglas E. Engert a écrit :
>>>>> I would the serialized, so some cards do not have to follow the GUID 
>>>>> format. This could eliminate
>>>>> the need to have a hash function for OpenSSL.
>>>> I've committed the common routines to get the 'classic' serialized form of 
>>>> GUID.
>>>>
>>>> In attachment there is proposal for the PIV specific implementation.
>>>> Will you agree?
>>> I will give it a try, and get it to work.
>>>
>>>> This PIV specific routine returns the hexadecimal presentation of the 
>>>> object ID concatenated to the serial --
>>>> like it was originally implemented by François .
>>>>
>>>> Kind wishes,
>>>> Viktor.
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> opensc-devel mailing list
>>>> opensc-devel@lists.opensc-project.org
>>>> http://www.opensc-project.org/mailman/listinfo/opensc-devel
>
>

-- 

  Douglas E. Engert  <deeng...@anl.gov>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444