Re: [Opensc-devel] PCSClite + OpenSC + RDesktop + Gemalto IDPrime .NET SmartCard

[Steven D B. <sb...@ca...>]

We are trying to login to a Windows 2008 R2 machine.

I have sent many traces to Dr Rousseau, did you want me to capture one and
post it here?

Gemalto provided me with an implementation of PKCS11 which others have
indicated I should not need.



Steven Brown, Support Consultant
ISM Canada  An IBM Global Services Company
1 Research Drive, Regina, Saskatchewan, Canada,S4S7H1
Mail:  sb...@ca...
Direct: 1.306.337.5620


                                                                                                                                   
  From:       "Douglas E. Engert" <dee...@an...>                                                                               
                                                                                                                                   
  To:         ope...@li...,                                                                                  
                                                                                                                                   
  Date:       2013/08/12 09:57 AM                                                                                                  
                                                                                                                                   
  Subject:    Re: [Opensc-devel] PCSClite + OpenSC + RDesktop + Gemalto IDPrime .NET SmartCard                                     
                                                                                                                                   







On 8/8/2013 5:16 PM, Steven D Brown wrote:
>
> Hello Folks,
>
> This is my first post here, I did some searches of the mailing list via
> Google but didn't see anything relevant.
>
> I have the following setup:
>
> RedHat 6.4 / Ubuntu 12.xx laptops
> Rdesktop 1.7.1
> PSCSlite 1.8.5
>
> Gemalto Reader as shown here:
> http://pcsclite.alioth.debian.org/ccid/supported.html#0x08E60x3437  ,
> although it is a USB model
>
> I would like to be able to use my Gemalto IDPrime .NET (
> http://www.gemalto.com/products/dotnet_card/ ) card to login to a Windows
> Server from my Linux laptops.

What version of the windows server?

>
>
> I have spent the past week or so speaking to Dr Rousseau about PCSClite
and
> he says that the Windows server is asking for some attributes that PCSC
is
> currently unequipped to handle on these cards.    Because this is a
> self-motivated project within my department, I am unable to fund a
massive
> research project to sort this out.
>
> I was hoping maybe someone here could help me.    I have received a ZIP
> file from Gemalto which contains their PKCS11 Library for use with these
> cards.
>

Just tested from: Ubuntu 12.10 using:

  Rdesktop 1.7.1
  PSCSlite 1.8.5

  SCM 355 reader
  U.S. Gov issued PIV smart card to Windows 7 using:

  rdesktop -r scard hostname

This works, and Windows 7 logs me in to the Windows Domain,
as if I was at the console.

Note that neither OpenSC or PKCS#11 is not involved.

The Windows 7 built-in minidriver driver sends APDU commands to pcscd
on ubuntu, and responses are returned.

As Dr Rousseau must have indicated, It sounds like the GemAlto software
on the Windows side is sending some commands over to rdesktop to be sent
to pcscd that it can not handle.

Have you gotten a pcscd trace?
  /usr/sbin/pcscd -f -a -d > some.output.file

> Would someone here be willing to work with me to make these cards
> compatible with PSCS / OpenSC / OpenCT / Whatever?

For use with Windows via rdesktop, it sounds like you need a
minidriver on Windows and no changes on the unix side.
But GemAlto (or Windows .NET) provided you with one.

It may be that the windows server is old, can you try
doing a rdesktop to a Windows 7 or Windows 8?

It could also be that the .NET card is sending commands to
pcscd that rdesktop or pcscd can not handle.

Does a PCSCD trace show what is failing?

>
> Is it possible?

Yes, but it sounds like the GemAlto driver should work,
if run on a new enough Windows server.

>
> Steven Brown, Support Consultant
> ISM Canada  An IBM Global Services Company
> 1 Research Drive, Regina, Saskatchewan, Canada,S4S7H1
> Mail:  sb...@ca...
> Direct: 1.306.337.5620
>
>
>
------------------------------------------------------------------------------

> Get 100% visibility into Java/.NET code with AppDynamics Lite!
> It's a free troubleshooting tool designed for production.
> Get down to code-level detail for bottlenecks, with <2% overhead.
> Download for free and get started troubleshooting in minutes.
>
http://pubads.g.doubleclick.net/gampad/clk?id=48897031&iu=/4140/ostg.clktrk
> _______________________________________________
> Opensc-devel mailing list
> Ope...@li...
> https://lists.sourceforge.net/lists/listinfo/opensc-devel
>

--

  Douglas E. Engert  <DEE...@an...>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444

------------------------------------------------------------------------------

Get 100% visibility into Java/.NET code with AppDynamics Lite!
It's a free troubleshooting tool designed for production.
Get down to code-level detail for bottlenecks, with <2% overhead.
Download for free and get started troubleshooting in minutes.
http://pubads.g.doubleclick.net/gampad/clk?id=48897031&iu=/4140/ostg.clktrk
_______________________________________________
Opensc-devel mailing list
Ope...@li...
https://lists.sourceforge.net/lists/listinfo/opensc-devel