thanks for the reply!

i am able to access a root shell on thinstation, and have run pscsd -fad looking for anything interesting, alas to no avail. all the output seems as to be expected, but maybe i shall send this request to the pcsc lite mailing list. thanks again,


On Fri, Sep 17, 2010 at 10:45 AM, Jennings, Jared L CTR USAF AFMC 46 SK/CCI <jared.jennings.ctr@eglin.af.mil> wrote:
> but when i insert a smart card it says 'no valid certificates
> found'. the same card works fine from an xp rdp session. i am using
> 1024 bit keys as i read somewhere that rdesktop does not support 2048
> bit keys, but i can not find any other documentation for configuring
> certs to use with rdesktop.

Chris, I don't believe rdesktop deals with certificates on smart cards
directly. What it does is to take requests to talk to the smartcard that
the server sends over the RDP connection, and hand them to pcscd, which
sends them to the smartcard. Then when the smartcard responds, pcscd
hands the response back to rdesktop, which hands it back over the
connection to the server.

So the rest of Windows on the server, above the RDP layer, sees "ah,
here is another smartcard reader, let me just talk to it." So rdesktop
doesn't deal directly in smartcard keys or certificates, and that's why
there is no documentation for that. I suspect that whatever you read
about keys may have had something to do with licensing.

There are about two possible areas of failure: rdesktop may fail to
broker requests and responses properly between the server and pcscd, or
pcscd may fail to act exactly like the corresponding layer of Windows XP
in some way.

I don't know how to use thinstation, but if you can become root on it,
kill pcscd and run it as "pcscd -df", you can see all the debug messages
pcscd has to offer. It colors them; red ones are probably bad. "pcscd
-adf" also shows you all the bytes going back and forth from the card.

Beyond that, I don't know. Good luck!

