hi,

trying to get smart card authentication using a yubikey.

I follow the

$ opensc-tool --list-readers
# Detected readers (pcsc)
Nr.  Card  Features  Name
0    Yes             Yubico Yubikey NEO OTP+U2F+CCID 00 00

I managed to import a key and certificate (generated by openssl):

$ yubico-piv-tool -a status -v
trying to connect to reader 'Yubico Yubikey NEO OTP+U2F+CCID 00 00'.
Action 'status' does not need authentication.
Now processing for action 'status'.
CHUID:    No data available
CCC:    No data available
Slot 9a:  
    Algorithm:    RSA2048
    Subject DN:    O=UNIX.ASENJO.NL, CN=user50
    Issuer DN:    O=UNIX.ASENJO.NL, CN=Certificate Authority
    Fingerprint:    dce33717ab7b9e13e8c5a54eb6ccc8aa5c12696af390fb1db20d2b01739922f9
    Not Before:    Nov  8 22:40:02 2018 GMT
    Not After:    Nov  8 22:40:02 2020 GMT
PIN tries left:    3

And this user50 has this certificate in ipa.

My trouble starts when running this step on the client:

# modutil -dbdir /etc/pki/nssdb -add "OpenSC" -libfile opensc-pkcs11.so -force
ERROR: Failed to add module "OpenSC". Probable cause : "Unknown PKCS #11 error."

I have tried using full paths (/usr/lib64/opensc-pkcs11.so, /usr/lib64/pkcs11/opensc-pkcs11.so), all met with same errors.

So, basically, I'm stuck now :(, because without this piece opensc cannot work apparently.

This is a fedora 29 host, by the way.

Any clues?

--

regards,

Natxo