Re: Issue in Certificate logon in XP

kamal krishna wrote:
> Hi,
> Today i tried certificate logon in XP with PIV card.
> As i told you before, first certificate logon after
> reboot succeeded. But the second logon failed.
> 
> I have attached the opensc log files with this. This
> log file contain entries for first successful logon
> and second failed logon.

Does the second attempt say something about the container
does not contain the key? (Or something like this..)

If you pull the card out and insert again, does the
login work?

We have seen this too. Pulling the card out and inserting
again
get it to work.

The SCB-0.8 is built on OpenSC-0.11.2 0.11.3 will contain a
number
of fixes for PIV, including some with locks, the ability to
use 2K
and 3K RSA keys, gzip'ed certs and use the FASC-N for a card
serial
number.

I don't have the same build environment as Andreas on
Windows
so can't produce a full SCB, only parts.

I will see what I can do to do some more testing of
0.11.3-pre
on XP.


> 
> Please give your opinion.
> 
> Regards,
> Kamal.
> --- "Douglas E. Engert" <deengertanl.gov> wrote:
> 
>>
>> kamal krishna wrote:
>>> Hi all,
>>> I tried certificate logon with "Identity
Alliance
>> CSP"
>>> and opensc-pkcs11 module in XP machine. The
>>> certificate logon works fine for the first
time.
>> But
>>> if we logoff and again tries to do certificate
>> logon,
>>> the logon fails second time.
>>>
>>> I want to confirm whether it is a issue. 
>> Works OK for me.
>>
>>> I analysed the opensc log files. I think
following
>> is
>>> the reason for the error. In XP, opensc-pkcs11
>> module
>>> maintains the pc/sc smartcard connection
during
>> the
>>> first certificate logon. And it uses the same
>> pc/sc
>>> connection for the second certificate logon
also.
>> But
>>> since we removed and inserted the card in the
>> middle
>>> for getting PIN prompt in winlogon, we are
getting
>> the
>>> error.
>> Sounds like the card failed to do an unlock() at
>> some time
>> and so the pcsc connection might still be active.
>> What type/version of IdAlly, OpenSC, card and
reader
>> are
>> you using?
>>
>> I am using IdAlly-1.0,  SCB-0.8 (
>> PIV card and pcmcia GemPC card.
>>
>> Note scb-0.8 is based on OpenSC-0.11.2 but the
>> version numbers in the opensc-pkcs11.dll says
>> 0.11.1.
>>
>>
>>> Can any one please tell me whether it is a
issue
>> and
>>> Is there any way to solve this. 
>>>
>>> Regards,
>>> Kamal.
>>>
>>>
>>>
>>>        
>>>
>
____________________________________________________________
________________________
>>> Sick sense of humor? Visit Yahoo! TV's 
>>> Comedy with an Edge to see what's on, when. 
>>> http://tv.yahoo.c
om/collections/222
>>>
_______________________________________________
>>> opensc-devel mailing list
>>> opensc-devellists.opensc-project.org
>>>
> http://www.opensc-project.org/mailman/listinfo/opensc
-devel
>>>
>> -- 
>>
>>   Douglas E. Engert  <DEEngertanl.gov>
>>   Argonne National Laboratory
>>   9700 South Cass Avenue
>>   Argonne, Illinois  60439
>>   (630) 252-5444
>>
> 
> 
> 
>        
>
____________________________________________________________
________________________
> Get the Yahoo! toolbar and be alerted to new email
wherever you're surfing.
> http://new.toolbar.yahoo.com/toolbar/features/mail/i
ndex.php

-- 

  Douglas E. Engert  <DEEngertanl.gov>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444

_______________________________________________
opensc-devel mailing list
opensc-devellists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc
-devel