On Tue, Dec 03, 2019 at 10:57:55PM -0000, Jeff Thornsen wrote:
> Sorry to spam the mailing list, I just figured out my problem.
>
> I was able to use the 'modutil' command to add my custom library into the
> nssdb at /etc/pki/nssdb/. Then p11_child was able to locate and use the
> library to read my Smart Cards.
>
> Perhaps there is a smarter way to do this via the update-ca-trust command,
> but I am OK with just running modutil after installing our custom SmartCard
> library.

Hi,

using 'modutil' is the expected way to add a PKCS#11 module to an NSS
database. There is a helper script 'pkcs11-switch' in the opensc package
which makes it easy to switch between the two PKCS#11 modules provided by
RHEL coolkey and opensc. If you take a look at the script you will see that
'modutil' is used internally.

When SSSD is using p11-kit, e.g. on RHEL-8, you have to create a pkcs11.conf
file to make p11-kit aware of your PKCS#11 module. See man pkcs11.conf and
e.g. /usr/share/p11-kit/modules/opensc.module for details.

bye,
Sumit

> _______________________________________________
> sssd-users mailing list -- sssd-users@lists.fedorahosted.org
> To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org
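
The two registration paths described in the reply above, as an added shell example that is not part of the original thread or of the sssd or opensc packages. The module name, the library path and the `/etc/pkcs11/modules` default are assumptions to check against pkcs11.conf(5) on the target system; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Module name and library path are
# placeholders; directories are parameters so they can be overridden.

# A PKCS#11 module is code loaded into the process that talks to the card
# (p11_child for SSSD), so refuse a library a non-root user could replace.
check_module_perms() (
    lib=$1 want_uid=${2:-0}
    [ -f "$lib" ] && [ ! -L "$lib" ] || { echo "need a regular file: $lib" >&2; exit 1; }
    owner=$(ls -ldn "$lib" | awk '{print $3}')
    [ "$owner" = "$want_uid" ] || { echo "owner uid $owner, expected $want_uid" >&2; exit 1; }
    # -perm -020 / -002 match group-writable or world-writable files
    loose=$(find "$lib" -prune \( -perm -020 -o -perm -002 \) -print)
    [ -z "$loose" ] || { echo "group/world writable: $lib" >&2; exit 1; }
)

# NSS database (what the thread did): add the module with modutil unless the
# library is already listed. -force skips modutil's interactive prompt.
register_nss_module() (
    name=$1 lib=$2 db=${3:-/etc/pki/nssdb}
    modutil -dbdir "$db" -list | grep -qF -- "$lib" && exit 0
    modutil -dbdir "$db" -add "$name" -libfile "$lib" -force
)

# p11-kit (SSSD on RHEL 8): one "<name>.module" file with a "module:" line,
# the same form as /usr/share/p11-kit/modules/opensc.module.
write_p11kit_module() (
    name=$1 lib=$2 dir=${3:-/etc/pkcs11/modules}
    umask 022
    printf 'module: %s\n' "$lib" > "$dir/$name.module"
)

# Usage (as root), placeholder values:
#   install_pkcs11_module vendor-card /usr/lib64/libvendor-pkcs11.so nss
install_pkcs11_module() (
    name=$1 lib=$2 backend=$3
    check_module_perms "$lib" || exit 1
    case $backend in
        nss)    register_nss_module "$name" "$lib" ;;
        p11kit) write_p11kit_module "$name" "$lib" ;;
        *)      echo "backend must be nss or p11kit" >&2; exit 2 ;;
    esac
)
```

After registering, `modutil -dbdir /etc/pki/nssdb -list` or `p11-kit list-modules` shows whether the module is visible to the respective backend.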