Re: [Opensc-devel] PCSClite + OpenSC + RDesktop + Gemalto IDPrime .NET SmartCard

[Douglas E. E. <dee...@an...>]

On 8/12/2013 11:19 AM, Steven D Brown wrote:
> We are trying to login to a Windows 2008 R2 machine.
>
> I have sent many traces to Dr Rousseau, did you want me to capture one and
> post it here?

Not really.

If Dr Rousseau looked at your traces, and said it was sending
commands pcscd does not support, then pcscd does not support them.
It might be possible to get it to support them if one can find the
Microsoft documentation on what these commands are expected to do.
This might mean changes to rdesktop too.


http://technet.microsoft.com/en-us/library/ff404286(WS.10).aspx

>
> Gemalto provided me with an implementation of PKCS11 which others have
> indicated I should not need.

Correct. It looks like it would have no use in trying to use rdesktop
to login to Windows.

But you could use in on Linux with FireFox, Thunderbird or Kerberos PKINIT.

>
>
>
> Steven Brown, Support Consultant
> ISM Canada  An IBM Global Services Company
> 1 Research Drive, Regina, Saskatchewan, Canada,S4S7H1
> Mail:  sb...@ca...
> Direct: 1.306.337.5620
>
>
>
>    From:       "Douglas E. Engert" <dee...@an...>
>
>    To:         ope...@li...,
>
>    Date:       2013/08/12 09:57 AM
>
>    Subject:    Re: [Opensc-devel] PCSClite + OpenSC + RDesktop + Gemalto IDPrime .NET SmartCard
>
>
>
>
>
>
>
>
> On 8/8/2013 5:16 PM, Steven D Brown wrote:
>>
>> Hello Folks,
>>
>> This is my first post here, I did some searches of the mailing list via
>> Google but didn't see anything relevant.
>>
>> I have the following setup:
>>
>> RedHat 6.4 / Ubuntu 12.xx laptops
>> Rdesktop 1.7.1
>> PSCSlite 1.8.5
>>
>> Gemalto Reader as shown here:
>> http://pcsclite.alioth.debian.org/ccid/supported.html#0x08E60x3437  ,
>> although it is a USB model
>>
>> I would like to be able to use my Gemalto IDPrime .NET (
>> http://www.gemalto.com/products/dotnet_card/ ) card to login to a Windows
>> Server from my Linux laptops.
>
> What version of the windows server?
>
>>
>>
>> I have spent the past week or so speaking to Dr Rousseau about PCSClite
> and
>> he says that the Windows server is asking for some attributes that PCSC
> is
>> currently unequipped to handle on these cards.    Because this is a
>> self-motivated project within my department, I am unable to fund a
> massive
>> research project to sort this out.
>>
>> I was hoping maybe someone here could help me.    I have received a ZIP
>> file from Gemalto which contains their PKCS11 Library for use with these
>> cards.
>>
>
> Just tested from: Ubuntu 12.10 using:
>
>    Rdesktop 1.7.1
>    PSCSlite 1.8.5
>
>    SCM 355 reader
>    U.S. Gov issued PIV smart card to Windows 7 using:
>
>    rdesktop -r scard hostname
>
> This works, and Windows 7 logs me in to the Windows Domain,
> as if I was at the console.
>
> Note that neither OpenSC or PKCS#11 is not involved.
>
> The Windows 7 built-in minidriver driver sends APDU commands to pcscd
> on ubuntu, and responses are returned.
>
> As Dr Rousseau must have indicated, It sounds like the GemAlto software
> on the Windows side is sending some commands over to rdesktop to be sent
> to pcscd that it can not handle.
>
> Have you gotten a pcscd trace?
>    /usr/sbin/pcscd -f -a -d > some.output.file
>
>> Would someone here be willing to work with me to make these cards
>> compatible with PSCS / OpenSC / OpenCT / Whatever?
>
> For use with Windows via rdesktop, it sounds like you need a
> minidriver on Windows and no changes on the unix side.
> But GemAlto (or Windows .NET) provided you with one.
>
> It may be that the windows server is old, can you try
> doing a rdesktop to a Windows 7 or Windows 8?
>
> It could also be that the .NET card is sending commands to
> pcscd that rdesktop or pcscd can not handle.
>
> Does a PCSCD trace show what is failing?
>
>>
>> Is it possible?
>
> Yes, but it sounds like the GemAlto driver should work,
> if run on a new enough Windows server.
>
>>
>> Steven Brown, Support Consultant
>> ISM Canada  An IBM Global Services Company
>> 1 Research Drive, Regina, Saskatchewan, Canada,S4S7H1
>> Mail:  sb...@ca...
>> Direct: 1.306.337.5620
>>
>>
>>
> ------------------------------------------------------------------------------
>
>> Get 100% visibility into Java/.NET code with AppDynamics Lite!
>> It's a free troubleshooting tool designed for production.
>> Get down to code-level detail for bottlenecks, with <2% overhead.
>> Download for free and get started troubleshooting in minutes.
>>
> http://pubads.g.doubleclick.net/gampad/clk?id=48897031&iu=/4140/ostg.clktrk
>> _______________________________________________
>> Opensc-devel mailing list
>> Ope...@li...
>> https://lists.sourceforge.net/lists/listinfo/opensc-devel
>>
>
> --
>
>    Douglas E. Engert  <DEE...@an...>
>    Argonne National Laboratory
>    9700 South Cass Avenue
>    Argonne, Illinois  60439
>    (630) 252-5444
>
> ------------------------------------------------------------------------------
>
> Get 100% visibility into Java/.NET code with AppDynamics Lite!
> It's a free troubleshooting tool designed for production.
> Get down to code-level detail for bottlenecks, with <2% overhead.
> Download for free and get started troubleshooting in minutes.
> http://pubads.g.doubleclick.net/gampad/clk?id=48897031&iu=/4140/ostg.clktrk
> _______________________________________________
> Opensc-devel mailing list
> Ope...@li...
> https://lists.sourceforge.net/lists/listinfo/opensc-devel
>
>
>
>
> .
>

-- 

  Douglas E. Engert  <DEE...@an...>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444