Thread: Re: Issue in Certificate logon in XP




Re: Issue in Certificate logon in XP
2007-07-13 15:39:43
More info on this. I think it is an ID Ally bug.

Looking at spy and opensc debug logs, it looks like
the CSP is called when a card is removed; sounds reasonable.

The Id Ally does C_Initialize, C_GetSlotList,
a loop over the 8 slots for C_GetSlotInfo,
then a C_Finalize.

I then logged off and tried to log in again.

Rather than another C_Initialize, as would be expected
since C_Finalize was called last, Id Ally does a
C_OpenSession.

The way I read PKCS#11 2.01, under C_Finalize it says:
"C_Finalize is called to indicate that an application
is finished with the Cryptoki library."
If IdAlly wants to use the library again, it should call
C_Initialize.

IdAlly tries some other things, and gets back in sync so the
next login works.

But I would also think OpenSC should give an error if
C_OpenSession is called and C_Initialize has not been called.
But it is not clear if Id Ally could get back in sync!


kamal krishna wrote:
> Hi,
> Today I tried certificate logon in XP with PIV card.
> As I told you before, first certificate logon after
> reboot succeeded. But the second logon failed.
>
> I have attached the opensc log files with this. This
> log file contains entries for first successful logon
> and second failed logon.
>
> Please give your opinion.
>
> Regards,
> Kamal.
> --- "Douglas E. Engert" <deengertanl.gov> wrote:
>
>> kamal krishna wrote:
>>> Hi all,
>>> I tried certificate logon with "Identity Alliance CSP"
>>> and opensc-pkcs11 module in XP machine. The
>>> certificate logon works fine for the first time. But
>>> if we log off and again try to do certificate logon,
>>> the logon fails the second time.
>>>
>>> I want to confirm whether it is an issue.
>> Works OK for me.
>>
>>> I analysed the opensc log files. I think the following is
>>> the reason for the error. In XP, opensc-pkcs11 module
>>> maintains the pc/sc smartcard connection during the
>>> first certificate logon. And it uses the same pc/sc
>>> connection for the second certificate logon also. But
>>> since we removed and inserted the card in the middle
>>> for getting PIN prompt in winlogon, we are getting the
>>> error.
>> Sounds like the card failed to do an unlock() at some time
>> and so the pcsc connection might still be active.
>> What type/version of IdAlly, OpenSC, card and reader are
>> you using?
>>
>> I am using IdAlly-1.0,  SCB-0.8 (
>> PIV card and pcmcia GemPC card.
>>
>> Note scb-0.8 is based on OpenSC-0.11.2 but the
>> version numbers in the opensc-pkcs11.dll says
>> 0.11.1.
>>
>>> Can anyone please tell me whether it is an issue and
>>> is there any way to solve this.
>>>
>>> Regards,
>>> Kamal.
>>
>> --
>>
>>   Douglas E. Engert  <DEEngertanl.gov>
>>   Argonne National Laboratory
>>   9700 South Cass Avenue
>>   Argonne, Illinois  60439
>>   (630) 252-5444

-- 

  Douglas E. Engert  <DEEngertanl.gov>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444
_______________________________________________
opensc-devel mailing list
opensc-devellists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

Re: Issue in Certificate logon in XP
2007-07-14 07:09:07
Hi,

Is this an issue from the CSP -> OpenSC PKCS#11 module? We are in
the process of making updates, so it might be a good time
for us to address this (if it is not already). You should be able to
work around this in a shim pkcs#11 module like pkcs11spy by abstracting
C_OpenSession and determining if the P11 module was already closed
down, and calling C_Initialize again before passing C_OpenSession
through.

Thanks,
Dave
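
The shim workaround suggested in the reply above, as an added example (not code from this thread, OpenSC, pkcs11spy or Identity Alliance). The `real_*` functions are a constructed stand-in for a module that rejects calls made after C_Finalize, the `shim_*` and `replay_second_logon` names are hypothetical, and the typedefs replace pkcs11.h so the block builds alone.

```c
#include <stddef.h>
/* Stand-ins for pkcs11.h so this builds alone; the CKR_/CKF_ values are the standard ones. */
typedef unsigned long CK_RV, CK_SLOT_ID, CK_FLAGS, CK_SESSION_HANDLE;
#define CKR_OK                       0x000UL
#define CKR_CRYPTOKI_NOT_INITIALIZED 0x190UL
#define CKF_SERIAL_SESSION           0x004UL

/* Constructed "real" module that enforces the C_Initialize-before-use rule. */
static int real_up;
static CK_RV real_C_Initialize(void *a) { (void)a; real_up = 1; return CKR_OK; }
static CK_RV real_C_Finalize(void *r) { (void)r; real_up = 0; return CKR_OK; }
static CK_RV real_C_OpenSession(CK_SLOT_ID s, CK_FLAGS f, void *app, void *cb,
                                CK_SESSION_HANDLE *ph) {
    (void)s; (void)f; (void)app; (void)cb;
    if (!real_up) return CKR_CRYPTOKI_NOT_INITIALIZED;
    *ph = 1;
    return CKR_OK;
}

/* Shim state: is the wrapped module initialized, and how often did we repair it? */
static int shim_up;
static unsigned shim_reinits;
CK_RV shim_C_Initialize(void *a) {
    CK_RV rv = real_C_Initialize(a);
    if (rv == CKR_OK) shim_up = 1;
    return rv;
}
CK_RV shim_C_Finalize(void *r) {
    CK_RV rv = real_C_Finalize(r);
    if (rv == CKR_OK) shim_up = 0;
    return rv;
}
CK_RV shim_C_OpenSession(CK_SLOT_ID s, CK_FLAGS f, void *app, void *cb,
                         CK_SESSION_HANDLE *ph) {
    if (!shim_up) {                         /* caller skipped C_Initialize after C_Finalize */
        CK_RV rv = shim_C_Initialize(NULL); /* NULL args: no multi-threaded access */
        if (rv != CKR_OK) return rv;
        shim_reinits++;
    }
    return real_C_OpenSession(s, f, app, cb, ph);
}
/* Replays the sequence from the logs: C_Initialize, C_Finalize, then C_OpenSession. */
CK_RV replay_second_logon(int use_shim) {
    CK_SESSION_HANDLE h = 0;
    (use_shim ? shim_C_Initialize : real_C_Initialize)(NULL);
    (use_shim ? shim_C_Finalize : real_C_Finalize)(NULL);
    return (use_shim ? shim_C_OpenSession : real_C_OpenSession)(
        0, CKF_SERIAL_SESSION, NULL, NULL, &h);
}
```

A production shim would have to replay the caller's original C_Initialize arguments (for example its locking callbacks) rather than NULL. Because the silent re-initialization masks the caller's sequencing bug, each repair should be logged.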

