Hi, I've just started investigating free software for smart cards, with a view to PAM authentication with a smart card and LDAP server. Fortunately it seems I'm not the only person interested in this, but I've had limited success with existing packages so far. I'm beginning to suspect that my cards may not be suitable, since they're the only common link in a series of problems.
I hoped that somebody out there may diagnose some (glaringly obvious?) issue from the results of my tests. Since I don't know how to progress, any feedback at all would be appreciated, even if it's just an opinion about which of the many directions I should be focusing on. Thanks in advance!

I'll start with my setup. I have two floppy-bay serial smart card readers, a GemPlus PC410-FD and an Advanced Card Systems ACF30, installed in regular PCs running RedHat Linux 7.3. I've installed the pcsc-lite-1.1.1-1 RPM, and drivers for both readers seem happy after I figured that acs_cmouse/libacs_cmouse.so requires "CHANNELID 0x0103F8" (not 1) in /etc/reader.conf. (BTW, I'm using gp-core-2.4.0/libgp_core.so for the GemPC410, is there any advantage/difference with ifd-gempc-0.6.4/GemPC410/libGemPC410.so.0?). The low-level tests that come with the drivers appear to run fine.

I have several GemPlus GemClub-Memo cards (ISO7816-3, T=0 Async, 2K) to play with.

Below are the results from all the relevant free software I've found, running "pcscd -d stderr" to see its logs. I modified /etc/pam.d/su to experiment with the various libraries, and tried logging in with both incorrect and correct passwords, and with cards inserted and removed.

* Inserting card into GemPC410 (pcscd log) - perhaps the ATR's useful?

    eventhandler.c:467 EHSpawnEventHandler: Card inserted into Gemplus GemPC410 Reader 0 0
    Card ATR: 3B 02 53 01

  (The ACF30 reports a NULL ATR - probably not a Good Thing?)

* smartsession/src/Graphic/xsst (any operation, trying to setup cards):

    GemPC410: "Error Getting Card Ser Number: 6D00: Instruction code not supported or invalid."
    ACF30: "PC/SC Error Sending APDU get CSN: Card protocol mismatch."

  These errors make me suspect the cards aren't up to the task?

  example pcscd log:

    winscard_msg.c:263 SHMProcessEvents: Common channel packet arrival
    winscard.c:76 SCardEstablishContext: Establishing Context: 16974173
    winscard.c:154 SCardConnect: Attempting Connect to Gemplus GemPC410 Reader 0 0
    winscard.c:252 SCardConnect: Active Protocol: 1
    winscard.c:259 SCardConnect: hCard Identity: 13d44
    winscard.c:1267 SCardTransmit: Send Protocol: 0
    winscard.c:649 SCardDisconnect: Active Contexts: -1
    winscard.c:707 SCardDisconnect: Reset complete.
    winscard.c:88 SCardReleaseContext: Releasing Context: 16974173
    winscard.c:88 SCardReleaseContext: Releasing Context: 16974173
    pcscdaemon.c:141 SVCServiceRun: Client 9 has disappeared.

* smartsession/src/Pam_Modules/pam_smartcard.so
  Prompts "Please insert your card", "Enter your PIN code:", and communicates with pcscd, but has no effect regardless of PIN.

* musclecard-pam-1.0.1
  Doesn't link: "ld: cannot find -lmusclecard". "locate libmusclecard" doesn't yield anything useful.

* musclepam-0.9.0/pam_musclecard.so
  Communicates with pcscd, but no effect or debug output with "Debug ON" in /etc/pam-muscle.conf. Presumably I need to generate /etc/root.cert or ~/.muscle/user.cert somehow?

* pam_modules/pam_smartcard.so:
  No effect - doesn't even communicate with pcscd.

* smartcard_login-0.1.1/cat/cleancard
  Reports "card error selecting root" with GemPC410 - the returned error value seems to be SCARD_F_UNKNOWN_ERROR 0x80100014 (from pcsclite.h). ACF30 reports "pc/sc init error", and SCARD_E_PROTO_MISMATCH 0x8010000F.

* smartcard_login-0.1.1/pam_smartcard/pam_smartcard.so
  Communicates with pcscd, but no effect.

* smarttools-rsa-0.4.0/README
  It appears I need a Schlumberger card to use this?

* scpwd-0.1b/scpwd
  Smartcard Loading/Saving tight-loops reporting "Unhandled result value 8010000f" endlessly, and reading back from saved file seg-faults.

* scpwd-0.1b/pam_smartcard.so
  No effect - no communication with pcscd.
Hopefully that's all thorough enough to give somebody a hint as to potential solutions, but if there's anything I should have included I will of course clarify with some further tests.

Thanks again,
Sean Atkinson.

--
Unix Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/
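
Added example, not part of the original post: a minimal ISO 7816-3 ATR decoder applied to the ATR quoted in the pcscd log above (3B 02 53 01). The function name parse_atr and the second sample ATR are constructed for illustration.

```python
from functools import reduce

POST_ATR = "3B 02 53 01"            # ATR quoted in the post (GemPC410 reader)
CONSTRUCTED_ATR = "3B 80 80 01 01"  # constructed sample indicating T=0 and T=1

def parse_atr(text):
    """Decode an ISO 7816-3 ATR given as a hex string (hypothetical helper)."""
    atr = bytes.fromhex(text.replace(" ", ""))
    if len(atr) < 2:
        raise ValueError("ATR needs at least TS and T0")
    convention = {0x3B: "direct", 0x3F: "inverse"}.get(atr[0])
    if convention is None:
        raise ValueError("unknown TS byte %02X" % atr[0])
    hist_len, y = atr[1] & 0x0F, atr[1] >> 4   # T0: K historical bytes, Y1 bitmap
    pos, i, iface, t_values = 2, 1, {}, []

    def take():
        """Return the next ATR byte, failing cleanly on a short ATR."""
        nonlocal pos
        if pos >= len(atr):
            raise ValueError("ATR truncated")
        pos += 1
        return atr[pos - 1]

    while True:
        for bit, name in ((1, "TA"), (2, "TB"), (4, "TC")):
            if y & bit:
                iface["%s%d" % (name, i)] = take()
        if not y & 8:                 # no TD(i): interface bytes end here
            break
        td = take()
        iface["TD%d" % i] = td
        t_values.append(td & 0x0F)    # low nibble of TD(i) names a T value
        y, i = td >> 4, i + 1
    historical = bytes(take() for _ in range(hist_len))
    # TCK is present only when something other than T=0 is indicated.
    if any(t != 0 for t in t_values):
        take()
        if reduce(lambda a, b: a ^ b, atr[1:pos]) != 0:
            raise ValueError("TCK checksum mismatch")
    if pos != len(atr):
        raise ValueError("trailing bytes after ATR")
    protocols = sorted({t for t in t_values if t != 15}) or [0]  # T=0 implied
    return {"convention": convention, "interface": iface,
            "historical": historical.hex(" ").upper(), "protocols": protocols}

if __name__ == "__main__":
    for sample in (POST_ATR, CONSTRUCTED_ATR):
        print(sample, "->", parse_atr(sample))
```

For the ATR in the post this yields direct convention, no interface bytes, historical bytes 53 01, and T=0 as the only (implied) protocol.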
