3463 – Proper smart card support for the Solaris client

Bug 3463 - Proper smart card support for the Solaris client

Summary: Proper smart card support for the Solaris client

Status:	CLOSED FIXED

Alias:	None

Product:	ThinLinc
Classification:	Unclassified
Component:	Client platforms (show other bugs)
Version:	3.0.0
Hardware:	PC Unknown

Importance:	P2 Normal
Target Milestone:	4.1.0
Assignee:	Peter Åstrand

URL:
Keywords:	astrand_tester

Depends on:
Blocks:

Reported:	2010-03-31 16:42 CEST by Peter Åstrand
Modified:	2013-06-11 15:12 CEST (History)
CC List:	0 users

See Also:
Acceptance Criteria:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Peter Åstrand cendio

2010-03-31 16:42:49 CEST

Most likely, the Solaris client does not support smart card authentication. We are not building OpenSSH with --with-nss, for example, and we are not shipping libsoftokn3.so.

Comment 1 Pierre Ossman cendio

2012-11-15 10:06:29 CET

We are no longer using NSS, so this should now work on Solaris.

Comment 2 Peter Åstrand cendio

2013-06-04 14:05:09 CEST

Don't know how to test this one - our Solaris machine in the lab does not recognize neither the Gemplus nor the Omnikey readers:

Jun  4 13:41:52 sunray usba: [ID 912658 kern.info] USB 1.10 device (usb8e6,3437) operating at full speed (USB 1.x) on USB 1.10 root hub: device@2, usb_mid2 at bus address 2
Jun  4 13:41:52 sunray usba: [ID 349649 kern.info]      Gemplus USB SmartCard Reader
Jun  4 13:41:52 sunray genunix: [ID 936769 kern.info] usb_mid2 is /pci@1e,600000/usb@a/device@2
Jun  4 13:41:52 sunray genunix: [ID 408114 kern.info] /pci@1e,600000/usb@a/device@2 (usb_mid2) online
Jun  4 13:41:52 sunray usba: [ID 723738 kern.info] /pci@1e,600000/usb@a/device@2 (usb_mid2): no driver found for interface 0 (nodename: 'interface') of Gemplus USB SmartCard Reader
Jun  4 13:53:25 sunray genunix: [ID 408114 kern.info] /pci@1e,600000/usb@a/device@2 (usb_mid2) removed
Jun  4 13:54:58 sunray usba: [ID 912658 kern.info] USB 2.0 device (usb76b,3021) operating at full speed (USB 1.x) on USB 1.10 root hub: device@2, usb_mid2 at bus address 2
Jun  4 13:54:58 sunray usba: [ID 349649 kern.info]      OMNIKEY AG Smart Card Reader USB
Jun  4 13:54:58 sunray genunix: [ID 936769 kern.info] usb_mid2 is /pci@1e,600000/usb@a/device@2
Jun  4 13:54:58 sunray genunix: [ID 408114 kern.info] /pci@1e,600000/usb@a/device@2 (usb_mid2) online
Jun  4 13:54:58 sunray usba: [ID 723738 kern.info] /pci@1e,600000/usb@a/device@2 (usb_mid2): no driver found for interface 0 (nodename: 'interface') of OMNIKEY AG Smart Card Reader USB
Jun  4 13:55:18 sunray genunix: [ID 408114 kern.info] /pci@1e,600000/usb@a/device@2 (usb_mid2) removed

http://support.gemalto.com/?id=pc_usb_tr_and_pc_twin documents that you need to install everything from source; not very fun. OpenCSW does not have any packages related to ccid, opensc, or pcsc. 

So unless somebody knows how to activate the smart card reader on Solaris, I'm not sure we should spend time on this...

Comment 3 Peter Åstrand cendio

2013-06-04 14:47:05 CEST

Realized that this machine has a built in smart card reader. However, we cannot access it, since we linking to libpcsclite.so.1, while the machine only has libpcsclite.so.0. Probably we need to install updates.

Comment 4 Peter Åstrand cendio

2013-06-11 15:09:04 CEST

PCSC on Solaris seems to be in chaos. As I understand it, the implementation shipped with the OS - even with the latest updates - is an really old version. Then, Sun has apparently released updated packages (sometimes using a different package names) which can replace the OS implementation. Here's some information:

http://www.sun-rays.org/srss.html#pc_sc-lite-1.1

Apparently even version 1.3 has been released:

https://blogs.oracle.com/ThinkThin/entry/pc_sc_lite_1_3

Unfortunately, in both cases, the download links refers to cds.sun.com, which does not exist any longer. That host is not even in DNS. 

After some Googling, I've found http://docs.oracle.com/html/E22661_15/Sessions-Smart-Card-Services.html which says:

"The CCID IFD Handler is not provided with the Sun Ray Software 5.2 release. However, you can download the PC/SC-lite 1.3 component from the 5.1.1 Media Pack, which includes the CCID IFD Handler v1.3.10 distribution. Only the CCID IFD handler needs to be installed. PC/SC-lite is already installed with Sun Ray Software 5.2."

The principle seems to be that PC/SC should be fetched from the Sun Ray software distribution. 

After a lot of trouble, I was finally able to download:

Sun Ray Software 5.4 for Oracle Solaris 10 on SPARC (64-bit)

...which contains an updated PC/SC package:

   245688  01-08-2013 16:20   srs_5.4.0.0-Solaris_10.sparc/Components/10-SRSS/Content/Smart_Card_Services_1.6/Solaris_10+/sparc/Packages/SUNWpcsc/reloc/usr/lib/libpcsclite.so.1
...

Comment 5 Peter Åstrand cendio

2013-06-11 15:12:16 CEST

Since libpcsclite.so.1 will not be available on a typical Sun workstation (unless Sun Ray is installed, or you have done some manual tweaks), smart card support for the ThinLinc client will not work. So, we will provide smart card support for the Solaris client on a best effort basis; we will not do full QA testing at this point.

Note You need to log in before you can comment on or make changes to this bug.