[Pki-users] [Coolkey-devel] PIV-II middleware bug in coolkey

Nordgren, Bryce L -FS bnordgren at fs.fed.us
Mon May 18 20:45:28 UTC 2015 

Done.

> -----Original Message-----
> From: John Magne [mailto:jmagne at redhat.com]
> Sent: Monday, May 18, 2015 11:05 AM
> To: Nordgren, Bryce L -FS
> Cc: coolkey-devel at redhat.com; pki-users at redhat.com
> Subject: Re: [Coolkey-devel] PIV-II middleware bug in coolkey
> 
> File your bug under coolkey.
> 
> thanks,
> jack
> 
> 
> ----- Original Message -----
> > From: "Bryce L Nordgren -FS" <bnordgren at fs.fed.us>
> > To: coolkey-devel at redhat.com, pki-users at redhat.com
> > Sent: Saturday, May 16, 2015 1:34:25 PM
> > Subject: [Coolkey-devel] PIV-II middleware bug in coolkey
> >
> >
> >
> > Continuation of thread started in:
> > https://www.redhat.com/archives/pki-users/2015-April/msg00041.html
> >
> >
> >
> > Synopsis: coolkey misinterprets my USDA LincPass (issued by a GSA
> > Credentialing Center) as a CAC, then fails. It’s a PIV-II, according
> > to OpenSC, which doesn’t fail.
> >
> >
> >
> > Using the OpenSC module with pam-pkcs11, I was able to get
> > pklogin_finder to validate my certificates and associate my card to a
> > user account via cn mapper. Using the coolkey module, errors ensued
> > and logs are attached to the above thread.
> >
> >
> >
> > The question is: how do I/should I report this bug? Coolkey looks
> > dead. No svn commits for 4 years. Last mailing list traffic on
> > coolkey-devel was 2012. Is there anyone on the project?
> >
> >
> >
> > In the interim, I was also able to locate a standard deck of test
> > cards [1], both for 30 day loan and for purchase @ $1900. The test
> > deck contains two “golden” cards and 22 cards with known problems that
> > the software should catch. It does not appear I can request an “extra”
> > card from USDA for testing. If there’s anyone left to update coolkey,
> > do you think the 30 day loan (potentially with an extension) is enough
> > time to debug the software, or at the very least get a start on it?
> >
> >
> >
> > If the $1900 deck is necessary to add this functionality, it may be
> > possible to donate or semi-permanently loan a set to the open source
> > project. But I’d definitely need to understand what the coolkey
> > project’s release and testing plan is and who would hold the physical
> assets.
> >
> >
> >
> > Thanks,
> >
> > Bryce
> >
> >
> >
> > [1] http://www.idmanagement.gov/ficam-testing-program
> >
> >
> >
> > _______________________________________________
> > Coolkey-devel mailing list
> > Coolkey-devel at redhat.com
> > https://www.redhat.com/mailman/listinfo/coolkey-devel

More information about the Pki-users mailing list