Hello all,

Thanks for the help with my last sticking point. I've since got a GemPlus GPR400
reader working, after recompiling PCMCIA support out of the RedHat 7.3 kernel and
substituting a patched pcmcia-cs, and invested in some Cryptoflex 16K cards to replace
my GemClub Memos.

I'm a little further towards getting PAM smartcard authenticated logins in Linux.
However, as I'm sure you've already figured out, all is not well. Like last time,
I've listed what I hope is the relevant output from some programs I was expecting to
work, but instead give me errors that I don't know how to resolve. Hopefully someone
out there can spot an obvious problem, and perhaps even a solution! Thanks in advance.

# smarttools-rsa-0.4.0/csgenkey
Initializing random number generator...
Generating p: ....++ (distance 76)
Generating q: .................++ (distance 238)
Computing the keys...
Testing the keys...
Key generation complete.
---------- Connecting to smartcard subsystem ----------
Reader 01: GemPlus GPR400 0 0
Enter the desired reader number : 1
Please insert your smartcard: card inserted
Invalid FILE
Invalid FILE
Creating Private Key File 0x0012
Writing RSA Private Key: 0x0012
[0 -------- 50 --------- 100]
[*Invalid FILE
Writing RSA Public Key: ~/.muscle/public.key
--------------- Finished Key Generation ---------------

(With or without a card inserted.)

To try and use the muscleframework cryptoflex plugin, I need to format the card. The
leaflet supplied listed the default factory transport key.

# muscleTools-0.9.0/muscleTool
MuscleCard Shell - type help for help
muscle > tokens
1. SchlumbergerSema Cryptoflex
muscle > format 1
Would you like to:
1. Use the default factory key: 2C15E526E93E8A19
2. Use the MUSCLE default key : 4D7573636C653030
3. Enter your own transport key
Choose (1-3): 1
How much object memory would you like to allocate ?
Example: 7096 (7k) : 11000
********************* WARNING ! *********************
You are about to destroy all data on this token.
*****************************************************
Are you sure you want to continue ? (1-YES, 2-NO): 1
Formatting token [*] : Failed (Unknown SW: 0000)
muscle > muscle >

Meanwhile, this is reported just before failure.

# pcscd -fd stdout
winscard.c:154 SCardConnect: Attempting Connect to GemPlus GPR400 0 0
winscard.c:252 SCardConnect: Active Protocol: 1
winscard.c:259 SCardConnect: hCard Identity: 1f822
winscard.c:1267 SCardTransmit: Send Protocol: 0
IFDHTransmitToICC: write command
IFDHTransmitToICC: c0 a4 0 0 2 3f 0
IFDHTransmitToICC: status=e4
IFDHTransmitToICC: end
winscard.c:649 SCardDisconnect: Active Contexts: 1
IFDHPowerICC: reset
winscard.c:707 SCardDisconnect: Reset complete.

smartcard_login-0.1.1/cat/cleancard reports "Unknown internal error" (0x80100014)
trying to select root with both the Cryptoflex and Memo cards.

Meanwhile:

# pcscd -fd stdout
winscard_msg.c:263 SHMProcessEvents: Common channel packet arrival
pcscdaemon.c:141 SVCServiceRun: Client 9 has disappeared.
winscard.c:76 SCardEstablishContext: Establishing Context: 16999188
winscard.c:154 SCardConnect: Attempting Connect to GemPlus GPR400 0 0
winscard.c:252 SCardConnect: Active Protocol: 1
winscard.c:259 SCardConnect: hCard Identity: 13088
winscard.c:1267 SCardTransmit: Send Protocol: 0
IFDHTransmitToICC: write command
IFDHTransmitToICC: 0 a4 0 0 2 3f 0
IFDHTransmitToICC: status=e4
IFDHTransmitToICC: end
winscard.c:1267 SCardTransmit: Send Protocol: 0
IFDHTransmitToICC: write command
IFDHTransmitToICC: c0 a4 0 0 2 3f 0
IFDHTransmitToICC: status=e4
IFDHTransmitToICC: end
winscard.c:649 SCardDisconnect: Active Contexts: -1
IFDHPowerICC: reset
winscard.c:707 SCardDisconnect: Reset complete.
winscard.c:88 SCardReleaseContext: Releasing Context: 16999188
winscard.c:88 SCardReleaseContext: Releasing Context: 16999188
pcscdaemon.c:141 SVCServiceRun: Client 9 has disappeared.

After configuring the various config files as described in Smartcard-Netlogin-HOWTO,
smartcard_netlogin-0.1/scripts/create_net_login_ca.pl fails right towards the end.
I've isolated the problem line, but can't find any information on supplying the
countryName:

# openssl ca -config SCA.cnf -name Root_CA -in ServerReq.pem -out ServerCert.pem
Using configuration from SCA.cnf
Enter PEM pass phrase:
Check that the request matches the signature
Signature ok
The Subjects Distinguished Name is as follows
domainComponent :PRINTABLE:'netproject'
commonName :PRINTABLE:'127.0.0.1'
The countryName field needed to be supplied and was missing
Error: Can't create Server-Certificate

That's all, folks!

Thanks again,
Sean Atkinson.
***************************************************************
Unix Smart Card Developers - M.U.S.C.L.E.
(Movement for the Use of Smart Cards in a Linux Environment)
http://www.linuxnet.com/
***************************************************************
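
Added example, not part of the original message or of pcsc-lite: a small Python decoder for the IFDHTransmitToICC lines in the pcscd output quoted above. It shows that both logged commands are a SELECT of the master file 3F00, once with class byte 00 and once with C0, and that the reader handler logs status e4 for each; the names Apdu, decode, parse_log and describe are hypothetical, and the handler status value is reported as logged without interpreting it.

```python
import re
from collections import namedtuple

# Sample input: lines taken (abridged) from the pcscd debug output in the message.
SAMPLE_LOG = """\
winscard.c:1267 SCardTransmit: Send Protocol: 0
IFDHTransmitToICC: write command
IFDHTransmitToICC: 0 a4 0 0 2 3f 0
IFDHTransmitToICC: status=e4
IFDHTransmitToICC: end
IFDHTransmitToICC: c0 a4 0 0 2 3f 0
IFDHTransmitToICC: status=e4
"""
BYTES_RE = re.compile(r"^IFDHTransmitToICC:((?: [0-9a-fA-F]{1,2})+)\s*$")
STATUS_RE = re.compile(r"^IFDHTransmitToICC: status=([0-9a-fA-F]+)\s*$")
# Hypothetical record type; status is the handler status as logged, not SW1 SW2.
Apdu = namedtuple("Apdu", "cla ins p1 p2 data status", defaults=[None])

def decode(raw: bytes) -> Apdu:
    # Short command APDU layout: CLA INS P1 P2 [Lc data...]
    if len(raw) < 4:
        raise ValueError("APDU header needs CLA INS P1 P2")
    lc = raw[4] if len(raw) > 5 else 0
    data = raw[5:5 + lc]
    if len(data) != lc:
        raise ValueError(f"Lc={lc} but only {len(data)} data bytes logged")
    return Apdu(raw[0], raw[1], raw[2], raw[3], data)

def parse_log(text: str) -> list:
    # Pair every logged command APDU with the status line that follows it.
    apdus = []
    for line in text.splitlines():
        if m := BYTES_RE.match(line):
            # pcscd prints bytes without zero padding ("0" means 0x00)
            apdus.append(decode(bytes(int(t, 16) for t in m.group(1).split())))
        elif (m := STATUS_RE.match(line)) and apdus and apdus[-1].status is None:
            apdus[-1] = apdus[-1]._replace(status=int(m.group(1), 16))
    return apdus

def describe(a: Apdu) -> str:
    cls = "proprietary class" if a.cla & 0x80 else "interindustry class"
    ins = "SELECT" if a.ins == 0xA4 else f"INS {a.ins:02X}"
    target = " MF (3F00)" if a.ins == 0xA4 and a.data == b"\x3f\x00" else f" data={a.data.hex()}"
    status = "none logged" if a.status is None else f"{a.status:02X}"
    return f"CLA {a.cla:02X} ({cls}) {ins}{target}, handler status {status}"

if __name__ == "__main__":
    print("\n".join(describe(a) for a in parse_log(SAMPLE_LOG)))
```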