In the ThinLinc client using Smart Card filters, the GUI for the "Key usage" filter can easily be misunderstood. I made the mistake of assuming that certificates supporting ANY of the selected key usages would be shown. In reality, the client will only show certificates supporting ALL of the selected key usages.
Fortunately our administrator's guide is clear:
> Key usage
> The certificate must have all the key usage bits selected in this window.
> Having more bits than those selected does not exclude a certificate.
I think we can make this more clear in the GUI.
This filter is found here:
Options -> Security -> Smart Card -> Details -> Add new/Edit Certificate filter