Hide Forgot
Description of problem: SSIA. The client system is configured properly, the very same card e.g. logs users in, but in the guest system, pcscd sees the card but not certs stored there. Version-Release number of selected component (if applicable): pcsc-lite-1.5.2-6.el6.x86_64 (both client and guest) qemu-kvm-0.12.1.2-2.209.el6_2.1.x86_64 spice-client-0.8.2-7.el6.x86_64 spice-server-0.8.2-5.el6.x86_64 How reproducible: always Steps to Reproduce: 1. configure client system to be able to work with smartcard 2. configure guest system the same way 3. connect from client to guest using 'spicec <other_options> --smartcard' 4. run 'pklogin_finder debug' in the guest Actual results: no token is shown Expected results: token on the device is shown Additional info: 'pklogin_finder debug' output: $ pklogin_finder debug DEBUG:pam_config.c:238: Using config file /etc/pam_pkcs11/pam_pkcs11.conf DEBUG:pkcs11_lib.c:182: Initializing NSS ... DEBUG:pkcs11_lib.c:192: Initializing NSS ... database=/etc/pki/nssdb DEBUG:pkcs11_lib.c:210: ... NSS Complete DEBUG:pklogin_finder.c:71: loading pkcs #11 module... DEBUG:pkcs11_lib.c:222: Looking up module in list DEBUG:pkcs11_lib.c:225: modList = 0x187c6a0 next = 0x188df30 DEBUG:pkcs11_lib.c:226: dllName= <null> DEBUG:pkcs11_lib.c:225: modList = 0x188df30 next = 0x0 DEBUG:pkcs11_lib.c:226: dllName= libcoolkeypk11.so DEBUG:pklogin_finder.c:79: initialising pkcs #11 module... DEBUG:pklogin_finder.c:95: no token available all other stuff in attachments
Created attachment 549349 [details] pcscd log from client machine
Created attachment 549350 [details] spicec.log (with SPICEC_LOG_LEVEL=0)
Created attachment 549351 [details] qemu-kvm log (with smartcard-related debug levels set to 4)
Created attachment 549352 [details] pcscd log from guest machine
Hi Robert, Can you take a look? Alon
Created attachment 551209 [details] guest pcscd and pklogin_finder blended log Two more logs, just from time when "pklogin_finder debug" is run. This one is blended guest pcscd and pklogin (pklogin output redirected to pcscd's console). The other one is spicec output with maximum log level. [lines in brackets like this denote my description of event]
Created attachment 551210 [details] spicec.log (with SPICEC_LOG_LEVEL=0)
David, do you have a guest set up that I can log into and test? bob
(In reply to comment #8) > David, do you have a guest set up that I can log into and test? > > bob I've prepared a guest for you and I've emailed details of it to you directly. If it is not usable to you, just create a plain RHEL 6.2 VM on top of plain RHEL 6.2 host yourself.
Thanks David. Where the Cards you were testing with have 1 or 2 certificates on them? If so then this is probably a dup of bug 700907. The virtual machine you set up for me now has development built version of coolkey that should fix the problem if you want to verify that your card now works. If it does work, you can close this bug as a dup of 700907. I was able to see 3 certificate cards fine without the patched version of coolkey, but I was using the spice client on fedora 15. spice-client-0.8.1-1.fc15.x86_64 bob
Bob, I could make the smartcard auth work in the machine with your coolkey so I'm marking as dupe as requested. *** This bug has been marked as a duplicate of bug 700907 ***