[Pki-users] ESC doesn't recognize smartcard / standalone operation?
John Magne
jmagne at redhat.com
Mon May 18 17:03:45 UTC 2015
Bryce:
I would imagine that the smart card manager relies upon coolkey to recognize cards.
As per your other question, I think you are fine. The whole TMS system ESC/TPS is used to
provision cards with the coolkey applet. For other types of cards it will do nothing but
display some minor information about the token.
----- Original Message -----
> From: "Bryce L Nordgren -FS" <bnordgren at fs.fed.us>
> To: pki-users at redhat.com
> Sent: Saturday, May 16, 2015 3:03:17 PM
> Subject: [Pki-users] ESC doesn't recognize smartcard / standalone operation?
>
>
>
> My system is to the point where command line interaction with the smart card
> behaves as expected, as long as I use the OpenSC middleware to pam_pkcs11,
> and not coolkey. Using pklogin_finder asks for the PIN, verifies the
> certificates, and maps the user to a local system account. System details in
> previous thread:
> https://www.redhat.com/archives/pki-users/2015-April/msg00041.html
>
>
>
> My expectation was that the “smart card manager” should pop up when the card
> is inserted. It doesn’t. I can type “esc” at the command line, and it says
> “No Cards Present” with everything greyed out. Likewise, inserting the smart
> card at the login prompt does nothing. There _ is _ an “./escd” process
> running. Is ESC hardwired to use coolkey, which can’t read my card? How can
> I debug this?
>
>
>
> Final question: Am I correct to assume that my situation does not call for a
> TPS, TKS, or even a CA? I must not touch the info on these smart cards:
> Never format, never issue certs, never save, never change. My machines just
> need to respect a totally external PKI infrastructure: ask for PIN, verify
> cert against the CA bundle, and start a login session. For any of the things
> I would need a PKI infrastructure for, I need to make an appointment at a
> GSA Credentialing Center, then physically show up with two forms of ID in
> hand.
>
>
>
> Many thanks for your helpful advice!
>
> Bryce
>
> _______________________________________________
> Pki-users mailing list
> Pki-users at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-users
More information about the Pki-users
mailing list