1568088 – Any CAC (even a Debit Card) unlocks workstation

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1568088 - Any CAC (even a Debit Card) unlocks workstation

Summary: Any CAC (even a Debit Card) unlocks workstation

Keywords:
Status:	CLOSED NOTABUG
Alias:	None
Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	opensc
Sub Component:
Version:	7.4
Hardware:	x86_64
OS:	Linux
Priority:	unspecified
Severity:	medium
Target Milestone:	rc
Target Release:	---
Assignee:	Jakub Jelen
QA Contact:	Asha Akkiangady
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2018-04-16 18:25 UTC by Josip Vilicic
Modified:	2023-09-14 04:26 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2018-06-06 16:01:34 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)
Smart Card Manager with debit card inserted (44.49 KB, image/png) 2018-04-16 18:26 UTC, Josip Vilicic	no flags	Details
output of following command when debit card is inserted: `sudo LIBCCID_ifdLogLevel=0x000F pcscd --foreground --debug --apdu --color` (73.17 KB, text/plain) 2018-04-16 18:27 UTC, Josip Vilicic	no flags	Details
output of following command when CAC card is inserted: `sudo LIBCCID_ifdLogLevel=0x000F pcscd --foreground --debug --apdu --color` (120.73 KB, text/plain) 2018-04-16 18:28 UTC, Josip Vilicic	no flags	Details
View All

Description Josip Vilicic 2018-04-16 18:25:40 UTC

Description of problem:
Any CAC (even a Debit Card) unlocks workstation


Version-Release number of selected component (if applicable):
opensc


How reproducible:
consistent


Steps to Reproduce:
1) Configure SmartCard authentication
2) Initial login works
3) Pull out CAC, workstation locks as expected
3) Try to unlock workstation again with incorrect CAC


Actual results:
Workstation gets unlocked


Expected results:
Incorrect CAC cards (cards from other users, or Debit cards) shouldn't unlock system


Additional info:
- Using Oberthur ID One 128 v5.5a CAC cards and Dell Dell Smart Card Reader Keyboard

- Got customer to switch from CoolKey to OpenSC, but now they can't run `pksc11_eventmgr`:
    # pkcs11_eventmgr debug nodaemon
    DEBUG:pkcs11_eventmgr.c:379: Initializing NSS ...
    DEBUG:pkcs11_eventmgr.c:395: loading the module ...
    DEBUG:pkcs11_eventmgr.c:406: loading Module explictly, moduleSpec=<library="libopensc.so" name="SmartCard"> module=libopensc.so
    DEBUG:pkcs11_eventmgr.c:413: Failed to load SmartCard software

- # opensc-tool --atr
    Using reader with a card: Dell Dell Smart Card Reader Keyboard 00 00
    3b:db:96:00:80:1f:03:00:31:c0:64:b0:f3:10:00:07:90:00:80

- Seeing "card absent" and "card removed":
# OPENSC_DEBUG=9 pkcs11-tool -L
0x7efc3636b740 09:22:30.940 [opensc-pkcs11] ctx.c:790:sc_context_create: ===================================
0x7efc3636b740 09:22:30.940 [opensc-pkcs11] ctx.c:791:sc_context_create: opensc version: 0.16.0
0x7efc3636b740 09:22:30.941 [opensc-pkcs11] reader-pcsc.c:754:pcsc_init: PC/SC options: connect_exclusive=0 disconnect_action=1 transaction_end_action=0 reconnect_action=0 enable_pinpad=1 enable_pace=1
0x7efc3636b740 09:22:30.941 [opensc-pkcs11] reader-pcsc.c:1154:pcsc_detect_readers: called
0x7efc3636b740 09:22:30.941 [opensc-pkcs11] reader-pcsc.c:1168:pcsc_detect_readers: Probing PC/SC readers
0x7efc3636b740 09:22:30.941 [opensc-pkcs11] reader-pcsc.c:1196:pcsc_detect_readers: Establish PC/SC context
0x7efc3636b740 09:22:30.944 [opensc-pkcs11] reader-pcsc.c:1243:pcsc_detect_readers: Found new PC/SC reader 'Dell Dell Smart Card Reader Keyboard 00 00'
0x7efc3636b740 09:22:30.944 [opensc-pkcs11] reader-pcsc.c:303:refresh_attributes: Dell Dell Smart Card Reader Keyboard 00 00 check
0x7efc3636b740 09:22:30.944 [opensc-pkcs11] reader-pcsc.c:331:refresh_attributes: current  state: 0x00080012
0x7efc3636b740 09:22:30.944 [opensc-pkcs11] reader-pcsc.c:332:refresh_attributes: previous state: 0x00000000
0x7efc3636b740 09:22:30.944 [opensc-pkcs11] reader-pcsc.c:389:refresh_attributes: card absent
0x7efc3636b740 09:22:30.944 [opensc-pkcs11] reader-pcsc.c:1276:pcsc_detect_readers: Requesting reader features ... 
0x7efc3636b740 09:22:30.944 [opensc-pkcs11] reader-pcsc.c:1286:pcsc_detect_readers: Dell Dell Smart Card Reader Keyboard 00 00:SCardConnect(DIRECT): 0x00000000
0x7efc3636b740 09:22:30.944 [opensc-pkcs11] reader-pcsc.c:999:detect_reader_features: called
0x7efc3636b740 09:22:30.944 [opensc-pkcs11] reader-pcsc.c:1020:detect_reader_features: Reader feature 06 found
0x7efc3636b740 09:22:30.945 [opensc-pkcs11] reader-pcsc.c:1020:detect_reader_features: Reader feature 07 found
0x7efc3636b740 09:22:30.945 [opensc-pkcs11] reader-pcsc.c:1020:detect_reader_features: Reader feature 0a found
0x7efc3636b740 09:22:30.945 [opensc-pkcs11] reader-pcsc.c:1020:detect_reader_features: Reader feature 12 found
0x7efc3636b740 09:22:30.945 [opensc-pkcs11] reader-pcsc.c:1048:detect_reader_features: Reader supports pinpad PIN verification
0x7efc3636b740 09:22:30.945 [opensc-pkcs11] reader-pcsc.c:1058:detect_reader_features: Reader supports pinpad PIN modification
0x7efc3636b740 09:22:30.945 [opensc-pkcs11] reader-pcsc.c:1087:detect_reader_features: Reader does not have a display.
0x7efc3636b740 09:22:30.945 [opensc-pkcs11] reader-pcsc.c:940:part10_detect_max_data: get dwMaxAPDUDataSize property returned 65536
0x7efc3636b740 09:22:30.945 [opensc-pkcs11] reader-pcsc.c:979:part10_get_vendor_product: id_vendor=413c id_product=2101
0x7efc3636b740 09:22:30.947 [opensc-pkcs11] reader-pcsc.c:1311:pcsc_detect_readers: reader's max-send-size: 65536, max-recv-size: 65536
0x7efc3636b740 09:22:30.948 [opensc-pkcs11] reader-pcsc.c:1337:pcsc_detect_readers: returning with: 0 (Success)
0x7efc3636b740 09:22:30.948 [opensc-pkcs11] misc.c:495:load_pkcs11_parameters: PKCS#11 options: max_virtual_slots=16 slots_per_card=4 hide_empty_tokens=1 lock_login=0 atomic=0 pin_unblock_style=0 zero_ckaid_for_ca_certs=0 create_slots_flags=0x8
0x7efc3636b740 09:22:30.948 [opensc-pkcs11] slot.c:109:create_slot: Initializing slot with id 0x0
0x7efc3636b740 09:22:30.948 [opensc-pkcs11] slot.c:109:create_slot: Initializing slot with id 0x1
0x7efc3636b740 09:22:30.948 [opensc-pkcs11] slot.c:109:create_slot: Initializing slot with id 0x2
0x7efc3636b740 09:22:30.948 [opensc-pkcs11] slot.c:109:create_slot: Initializing slot with id 0x3
0x7efc3636b740 09:22:30.948 [opensc-pkcs11] slot.c:168:initialize_reader: Initialize reader 'Dell Dell Smart Card Reader Keyboard 00 00': detect SC card presence
0x7efc3636b740 09:22:30.948 [opensc-pkcs11] sc.c:271:sc_detect_card_presence: called
0x7efc3636b740 09:22:30.948 [opensc-pkcs11] reader-pcsc.c:397:pcsc_detect_card_presence: called
0x7efc3636b740 09:22:30.948 [opensc-pkcs11] reader-pcsc.c:303:refresh_attributes: Dell Dell Smart Card Reader Keyboard 00 00 check
0x7efc3636b740 09:22:30.948 [opensc-pkcs11] reader-pcsc.c:323:refresh_attributes: returning with: 0 (Success)
0x7efc3636b740 09:22:30.948 [opensc-pkcs11] reader-pcsc.c:402:pcsc_detect_card_presence: returning with: 0 (Success)
0x7efc3636b740 09:22:30.948 [opensc-pkcs11] sc.c:276:sc_detect_card_presence: returning with: 0 (Success)
0x7efc3636b740 09:22:30.948 [opensc-pkcs11] slot.c:174:initialize_reader: Reader 'Dell Dell Smart Card Reader Keyboard 00 00' initialized
0x7efc3636b740 09:22:30.948 [opensc-pkcs11] pkcs11-global.c:273:C_Initialize: C_Initialize() = CKR_OK
0x7efc3636b740 09:22:30.948 [opensc-pkcs11] pkcs11-global.c:390:C_GetSlotList: C_GetSlotList(token=0, plug-n-play)
0x7efc3636b740 09:22:30.948 [opensc-pkcs11] reader-pcsc.c:1154:pcsc_detect_readers: called
0x7efc3636b740 09:22:30.948 [opensc-pkcs11] reader-pcsc.c:1168:pcsc_detect_readers: Probing PC/SC readers
0x7efc3636b740 09:22:30.949 [opensc-pkcs11] reader-pcsc.c:1337:pcsc_detect_readers: returning with: 0 (Success)
0x7efc3636b740 09:22:30.949 [opensc-pkcs11] slot.c:359:card_detect_all: Detect all cards
0x7efc3636b740 09:22:30.949 [opensc-pkcs11] slot.c:224:card_detect: Dell Dell Smart Card Reader Keyboard 00 00: Detecting smart card
0x7efc3636b740 09:22:30.949 [opensc-pkcs11] sc.c:271:sc_detect_card_presence: called
0x7efc3636b740 09:22:30.949 [opensc-pkcs11] reader-pcsc.c:397:pcsc_detect_card_presence: called
0x7efc3636b740 09:22:30.949 [opensc-pkcs11] reader-pcsc.c:303:refresh_attributes: Dell Dell Smart Card Reader Keyboard 00 00 check
0x7efc3636b740 09:22:30.949 [opensc-pkcs11] reader-pcsc.c:323:refresh_attributes: returning with: 0 (Success)
0x7efc3636b740 09:22:30.949 [opensc-pkcs11] reader-pcsc.c:402:pcsc_detect_card_presence: returning with: 0 (Success)
0x7efc3636b740 09:22:30.949 [opensc-pkcs11] sc.c:276:sc_detect_card_presence: returning with: 0 (Success)
0x7efc3636b740 09:22:30.949 [opensc-pkcs11] slot.c:233:card_detect: Dell Dell Smart Card Reader Keyboard 00 00: card absent
0x7efc3636b740 09:22:30.949 [opensc-pkcs11] slot.c:184:card_removed: Dell Dell Smart Card Reader Keyboard 00 00: card removed
0x7efc3636b740 09:22:30.949 [opensc-pkcs11] slot.c:446:slot_token_removed: slot_token_removed(0x0)
0x7efc3636b740 09:22:30.949 [opensc-pkcs11] pkcs11-session.c:129:sc_pkcs11_close_all_sessions: real C_CloseAllSessions(0x0) 0
0x7efc3636b740 09:22:30.949 [opensc-pkcs11] slot.c:446:slot_token_removed: slot_token_removed(0x1)
0x7efc3636b740 09:22:30.949 [opensc-pkcs11] pkcs11-session.c:129:sc_pkcs11_close_all_sessions: real C_CloseAllSessions(0x1) 0
0x7efc3636b740 09:22:30.949 [opensc-pkcs11] slot.c:446:slot_token_removed: slot_token_removed(0x2)
0x7efc3636b740 09:22:30.949 [opensc-pkcs11] pkcs11-session.c:129:sc_pkcs11_close_all_sessions: real C_CloseAllSessions(0x2) 0
0x7efc3636b740 09:22:30.949 [opensc-pkcs11] slot.c:446:slot_token_removed: slot_token_removed(0x3)
0x7efc3636b740 09:22:30.949 [opensc-pkcs11] pkcs11-session.c:129:sc_pkcs11_close_all_sessions: real C_CloseAllSessions(0x3) 0
0x7efc3636b740 09:22:30.949 [opensc-pkcs11] slot.c:378:card_detect_all: All cards detected
0x7efc3636b740 09:22:30.949 [opensc-pkcs11] pkcs11-global.c:426:C_GetSlotList: was only a size inquiry (1)
0x7efc3636b740 09:22:30.949 [opensc-pkcs11] pkcs11-global.c:390:C_GetSlotList: C_GetSlotList(token=0, refresh)
0x7efc3636b740 09:22:30.949 [opensc-pkcs11] slot.c:359:card_detect_all: Detect all cards
0x7efc3636b740 09:22:30.949 [opensc-pkcs11] slot.c:224:card_detect: Dell Dell Smart Card Reader Keyboard 00 00: Detecting smart card
0x7efc3636b740 09:22:30.949 [opensc-pkcs11] sc.c:271:sc_detect_card_presence: called
0x7efc3636b740 09:22:30.949 [opensc-pkcs11] reader-pcsc.c:397:pcsc_detect_card_presence: called
0x7efc3636b740 09:22:30.950 [opensc-pkcs11] reader-pcsc.c:303:refresh_attributes: Dell Dell Smart Card Reader Keyboard 00 00 check
0x7efc3636b740 09:22:30.950 [opensc-pkcs11] reader-pcsc.c:323:refresh_attributes: returning with: 0 (Success)
0x7efc3636b740 09:22:30.950 [opensc-pkcs11] reader-pcsc.c:402:pcsc_detect_card_presence: returning with: 0 (Success)
0x7efc3636b740 09:22:30.950 [opensc-pkcs11] sc.c:276:sc_detect_card_presence: returning with: 0 (Success)
0x7efc3636b740 09:22:30.950 [opensc-pkcs11] slot.c:233:card_detect: Dell Dell Smart Card Reader Keyboard 00 00: card absent
0x7efc3636b740 09:22:30.950 [opensc-pkcs11] slot.c:184:card_removed: Dell Dell Smart Card Reader Keyboard 00 00: card removed
0x7efc3636b740 09:22:30.950 [opensc-pkcs11] slot.c:446:slot_token_removed: slot_token_removed(0x0)
0x7efc3636b740 09:22:30.950 [opensc-pkcs11] pkcs11-session.c:129:sc_pkcs11_close_all_sessions: real C_CloseAllSessions(0x0) 0
0x7efc3636b740 09:22:30.950 [opensc-pkcs11] slot.c:446:slot_token_removed: slot_token_removed(0x1)
0x7efc3636b740 09:22:30.950 [opensc-pkcs11] pkcs11-session.c:129:sc_pkcs11_close_all_sessions: real C_CloseAllSessions(0x1) 0
0x7efc3636b740 09:22:30.950 [opensc-pkcs11] slot.c:446:slot_token_removed: slot_token_removed(0x2)
0x7efc3636b740 09:22:30.950 [opensc-pkcs11] pkcs11-session.c:129:sc_pkcs11_close_all_sessions: real C_CloseAllSessions(0x2) 0
0x7efc3636b740 09:22:30.950 [opensc-pkcs11] slot.c:446:slot_token_removed: slot_token_removed(0x3)
0x7efc3636b740 09:22:30.950 [opensc-pkcs11] pkcs11-session.c:129:sc_pkcs11_close_all_sessions: real C_CloseAllSessions(0x3) 0
0x7efc3636b740 09:22:30.950 [opensc-pkcs11] slot.c:378:card_detect_all: All cards detected
0x7efc3636b740 09:22:30.950 [opensc-pkcs11] pkcs11-global.c:443:C_GetSlotList: returned 1 slots
Available slots:
0x7efc3636b740 09:22:30.950 [opensc-pkcs11] pkcs11-global.c:494:C_GetSlotInfo: C_GetSlotInfo(0x0)
0x7efc3636b740 09:22:30.950 [opensc-pkcs11] slot.c:359:card_detect_all: Detect all cards
0x7efc3636b740 09:22:30.950 [opensc-pkcs11] slot.c:224:card_detect: Dell Dell Smart Card Reader Keyboard 00 00: Detecting smart card
0x7efc3636b740 09:22:30.950 [opensc-pkcs11] sc.c:271:sc_detect_card_presence: called
0x7efc3636b740 09:22:30.950 [opensc-pkcs11] reader-pcsc.c:397:pcsc_detect_card_presence: called
0x7efc3636b740 09:22:30.950 [opensc-pkcs11] reader-pcsc.c:303:refresh_attributes: Dell Dell Smart Card Reader Keyboard 00 00 check
0x7efc3636b740 09:22:30.951 [opensc-pkcs11] reader-pcsc.c:323:refresh_attributes: returning with: 0 (Success)
0x7efc3636b740 09:22:30.951 [opensc-pkcs11] reader-pcsc.c:402:pcsc_detect_card_presence: returning with: 0 (Success)
0x7efc3636b740 09:22:30.951 [opensc-pkcs11] sc.c:276:sc_detect_card_presence: returning with: 0 (Success)
0x7efc3636b740 09:22:30.951 [opensc-pkcs11] slot.c:233:card_detect: Dell Dell Smart Card Reader Keyboard 00 00: card absent
0x7efc3636b740 09:22:30.951 [opensc-pkcs11] slot.c:184:card_removed: Dell Dell Smart Card Reader Keyboard 00 00: card removed
0x7efc3636b740 09:22:30.951 [opensc-pkcs11] slot.c:446:slot_token_removed: slot_token_removed(0x0)
0x7efc3636b740 09:22:30.951 [opensc-pkcs11] pkcs11-session.c:129:sc_pkcs11_close_all_sessions: real C_CloseAllSessions(0x0) 0
0x7efc3636b740 09:22:30.951 [opensc-pkcs11] slot.c:446:slot_token_removed: slot_token_removed(0x1)
0x7efc3636b740 09:22:30.951 [opensc-pkcs11] pkcs11-session.c:129:sc_pkcs11_close_all_sessions: real C_CloseAllSessions(0x1) 0
0x7efc3636b740 09:22:30.951 [opensc-pkcs11] slot.c:446:slot_token_removed: slot_token_removed(0x2)
0x7efc3636b740 09:22:30.951 [opensc-pkcs11] pkcs11-session.c:129:sc_pkcs11_close_all_sessions: real C_CloseAllSessions(0x2) 0
0x7efc3636b740 09:22:30.951 [opensc-pkcs11] slot.c:446:slot_token_removed: slot_token_removed(0x3)
0x7efc3636b740 09:22:30.951 [opensc-pkcs11] pkcs11-session.c:129:sc_pkcs11_close_all_sessions: real C_CloseAllSessions(0x3) 0
0x7efc3636b740 09:22:30.951 [opensc-pkcs11] slot.c:378:card_detect_all: All cards detected
0x7efc3636b740 09:22:30.951 [opensc-pkcs11] pkcs11-global.c:506:C_GetSlotInfo: C_GetSlotInfo() get slot rv 0
0x7efc3636b740 09:22:30.951 [opensc-pkcs11] slot.c:224:card_detect: Dell Dell Smart Card Reader Keyboard 00 00: Detecting smart card
0x7efc3636b740 09:22:30.951 [opensc-pkcs11] sc.c:271:sc_detect_card_presence: called
0x7efc3636b740 09:22:30.951 [opensc-pkcs11] reader-pcsc.c:397:pcsc_detect_card_presence: called
0x7efc3636b740 09:22:30.951 [opensc-pkcs11] reader-pcsc.c:303:refresh_attributes: Dell Dell Smart Card Reader Keyboard 00 00 check
0x7efc3636b740 09:22:30.951 [opensc-pkcs11] reader-pcsc.c:323:refresh_attributes: returning with: 0 (Success)
0x7efc3636b740 09:22:30.951 [opensc-pkcs11] reader-pcsc.c:402:pcsc_detect_card_presence: returning with: 0 (Success)
0x7efc3636b740 09:22:30.952 [opensc-pkcs11] sc.c:276:sc_detect_card_presence: returning with: 0 (Success)
0x7efc3636b740 09:22:30.952 [opensc-pkcs11] slot.c:233:card_detect: Dell Dell Smart Card Reader Keyboard 00 00: card absent
0x7efc3636b740 09:22:30.952 [opensc-pkcs11] slot.c:184:card_removed: Dell Dell Smart Card Reader Keyboard 00 00: card removed
0x7efc3636b740 09:22:30.952 [opensc-pkcs11] slot.c:446:slot_token_removed: slot_token_removed(0x0)
0x7efc3636b740 09:22:30.952 [opensc-pkcs11] pkcs11-session.c:129:sc_pkcs11_close_all_sessions: real C_CloseAllSessions(0x0) 0
0x7efc3636b740 09:22:30.952 [opensc-pkcs11] slot.c:446:slot_token_removed: slot_token_removed(0x1)
0x7efc3636b740 09:22:30.952 [opensc-pkcs11] pkcs11-session.c:129:sc_pkcs11_close_all_sessions: real C_CloseAllSessions(0x1) 0
0x7efc3636b740 09:22:30.952 [opensc-pkcs11] slot.c:446:slot_token_removed: slot_token_removed(0x2)
0x7efc3636b740 09:22:30.952 [opensc-pkcs11] pkcs11-session.c:129:sc_pkcs11_close_all_sessions: real C_CloseAllSessions(0x2) 0
0x7efc3636b740 09:22:30.952 [opensc-pkcs11] slot.c:446:slot_token_removed: slot_token_removed(0x3)
0x7efc3636b740 09:22:30.952 [opensc-pkcs11] pkcs11-session.c:129:sc_pkcs11_close_all_sessions: real C_CloseAllSessions(0x3) 0
0x7efc3636b740 09:22:30.952 [opensc-pkcs11] pkcs11-global.c:516:C_GetSlotInfo: C_GetSlotInfo() card detect rv 0xE0
0x7efc3636b740 09:22:30.952 [opensc-pkcs11] pkcs11-global.c:533:C_GetSlotInfo: C_GetSlotInfo() flags 0x6
0x7efc3636b740 09:22:30.952 [opensc-pkcs11] pkcs11-global.c:534:C_GetSlotInfo: C_GetSlotInfo(0x0) = CKR_OK
Slot 0 (0x0): Dell Dell Smart Card Reader Keyboard 00 00
  (empty)
0x7efc3636b740 09:22:30.952 [opensc-pkcs11] pkcs11-global.c:304:C_Finalize: C_Finalize()
0x7efc3636b740 09:22:30.952 [opensc-pkcs11] ctx.c:846:sc_cancel: called
0x7efc3636b740 09:22:30.952 [opensc-pkcs11] reader-pcsc.c:677:pcsc_cancel: called
0x7efc3636b740 09:22:30.952 [opensc-pkcs11] slot.c:184:card_removed: Dell Dell Smart Card Reader Keyboard 00 00: card removed
0x7efc3636b740 09:22:30.952 [opensc-pkcs11] slot.c:446:slot_token_removed: slot_token_removed(0x0)
0x7efc3636b740 09:22:30.952 [opensc-pkcs11] pkcs11-session.c:129:sc_pkcs11_close_all_sessions: real C_CloseAllSessions(0x0) 0
0x7efc3636b740 09:22:30.952 [opensc-pkcs11] slot.c:446:slot_token_removed: slot_token_removed(0x1)
0x7efc3636b740 09:22:30.952 [opensc-pkcs11] pkcs11-session.c:129:sc_pkcs11_close_all_sessions: real C_CloseAllSessions(0x1) 0
0x7efc3636b740 09:22:30.952 [opensc-pkcs11] slot.c:446:slot_token_removed: slot_token_removed(0x2)
0x7efc3636b740 09:22:30.952 [opensc-pkcs11] pkcs11-session.c:129:sc_pkcs11_close_all_sessions: real C_CloseAllSessions(0x2) 0
0x7efc3636b740 09:22:30.952 [opensc-pkcs11] slot.c:446:slot_token_removed: slot_token_removed(0x3)
0x7efc3636b740 09:22:30.952 [opensc-pkcs11] pkcs11-session.c:129:sc_pkcs11_close_all_sessions: real C_CloseAllSessions(0x3) 0
0x7efc3636b740 09:22:30.952 [opensc-pkcs11] ctx.c:869:sc_release_context: called
0x7efc3636b740 09:22:30.952 [opensc-pkcs11] reader-pcsc.c:834:pcsc_finish: called

Comment 2 Josip Vilicic 2018-04-16 18:26:38 UTC

Created attachment 1422670 [details]
Smart Card Manager with debit card inserted

Comment 3 Josip Vilicic 2018-04-16 18:27:43 UTC

Created attachment 1422671 [details]
output of following command when debit card is inserted:   `sudo LIBCCID_ifdLogLevel=0x000F pcscd --foreground --debug --apdu --color`

Comment 4 Josip Vilicic 2018-04-16 18:28:15 UTC

Created attachment 1422672 [details]
output of following command when CAC card is inserted:   `sudo LIBCCID_ifdLogLevel=0x000F pcscd --foreground --debug --apdu --color`

Comment 5 Jakub Jelen 2018-04-17 07:11:34 UTC

The log from OpenSC clearly says the card is not detected (when it is not CAC) so how is that supposed to unlock the screen?

Scanning through the sosreport from April 4th, I see that the pam_pkcs11.conf is still configured to use OpenSC. Can you share more up-to-date sos report with updated configuration files? It is also missing the nss_dir option as described in [1].

DEBUG:pkcs11_eventmgr.c:406: loading Module explictly, moduleSpec=<library="libopensc.so" name="SmartCard"> module=libopensc.so

This is really wrong. There should be no libopensc.so, but "opensc-pkcs11.so" as in the original configuration file!

That GDM lets anyone in with this misconfiguration is obviously an issue, can you verify that there is really nothing else in the system-wide NSS DB that is used (such as standalone certificates that would allow the users in) for example using certutil?

    certutil -L -d /etc/pki/nssdb/

[1] https://access.redhat.com/articles/3034441

Comment 7 Red Hat Bugzilla 2023-09-14 04:26:54 UTC

The needinfo request[s] on this closed bug have been removed as they have been unresolved for 1000 days

Note You need to log in before you can comment on or make changes to this bug.