Hello everyone.
I'm trying to configure smart card login of active directory users on an ubuntu
machine.
I'm following this guide:
https://scriptech.io/linux-enable-smartcard-authentication-against-active...
But for me the opensc library cannot talk with my card and I'm using a library that my
card provider gave my. My issue right now is that `p11_child --pre --nssdb=/etc/pki/nssdb`
fails to pull the certificate from my smart card.
I'm able to log in with AD users and their smart cards using `kinit` and `ksu`, so I
know the cards are okay.
What's weird to me is that `modutil -list` shows slot 0 as empty and slot 1 as not
empty, and then `p11_child --pre` doesn't try to use slot 1. Maybe p11_child thinks
that if slot 0 is empty then slot 1 must be empty too?
Please help!
Here are the relevant logs:
```
# modutil -dbdir nssdb -list
Listing of PKCS #11 Modules
----------------------------------------------------
1. NSS Internal #11 Module
uri: pkcs11: library-manufacturer=Mozilla%20Foundation;
library-description=NSS%20Internal%20Crypto%20Services;library
slots: 2 slots attached
status: loaded
slot: NSS Internal Cryptographic Services
token: NSS Generic Crypto Services
uri:
pkcs11:token=NSS%20Generic%20Crypto%20Services;manufacturer=Mozilla%20Foundation;serial=0000000000000000;model=NSS%203
slot: NSS User Private Key and Certificate Services
token: NSS Certificate DB
uri: pkcs11:token=NSS%20Certificate%20DB;manufacturer=Mozilla%20Foundation;
serial=0000000000000000;model=NSS%203
2. MyTest
library name: mylib.so
uri:
pkcs11:library-manufacturer=Boring%20Ent.;library-description=Cryptokit%20Extended%20Version;libversion=5.3
slots: 2 slots attached
status: loaded
slot: [EMPTY]
token:
uri: pkcs11:
slot: Athena ASE IIIe (SBR069-00000) 00 00
token: 918
uri:
pkcs11:token=918;manufacturer=Boring%20Ent.;serial=0349B7D30E11024G;model=PKISmartCard%20(A)
```
```
# p11_child --pre --nssdb=nssdb -d=9
[main] (0x0400): p11_child started.
[main] (0x2000): Running in [pre-auth] mode.
[main] (0x2000): Running with effective IDs: [0][0].
[do_card] (0x4000): Default Module List:
[do_card] (0x4000): common name: INSS Internal PKCS #11
[do_card] (0x4000): dll name: [(null)).
[do_card] (0x4000): common name: [MyTest]
[do_card] (0x4000): dll name: [Libsadaptor.so].
[do_card] (0x4000): Dead Module List:
[do_card] (0x4000): DB Module List:
[do_card] (ex4000): common name: [NSS Internal Module].
[do_card] (0x4000): dll name: [(null)].
[do_card] (0x4000): Description [NSS Internal Cryptographic Services Mozilla Foundation]
Manufacturer [Mozilla Foundation] flags [9] removable [false] token present [true].
[do_card] (0x4000): Description [NSS User Private Key and Certificate Services Mozilla
Foundation] Manufacturer [Mozilla Foundation] flags [1] removable [false] token present
[true].
[do_card] (0x4000): Description [[EMPTY] Boring Ent.] Manufacturer [Boring Ent.] flags [2]
removable [true] token present [false].
[do_card] (0x4000): Token not present.
[main] (0x0040): do-work failed.
[main] (Ox0020): p11_child failed!
```