adding this as well.. command output for p11_child after saving to sssd_auth_ca_db.pem cat fake-smartcard-ca.crt >> /etc/sssd/pki/sssd_auth_ca_db.pem
user1@ubuntu:~$ sudo /usr/libexec/sssd/p11_child --pre -d 10 --debug-fd=2 --ca_db=/etc/sssd/pki/sssd_auth_ca_db.pem [p11_child[1163]] [main] (0x0400): p11_child started. [p11_child[1163]] [main] (0x2000): Running in [pre-auth] mode. [p11_child[1163]] [main] (0x2000): Running with effective IDs: [0][0]. [p11_child[1163]] [main] (0x2000): Running with real IDs [0][0]. [p11_child[1163]] [do_card] (0x4000): Module List: [p11_child[1163]] [do_card] (0x4000): common name: [p11-kit-trust]. [p11_child[1163]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/pkcs11/p11-kit-trust.so]. [p11_child[1163]] [do_card] (0x4000): Description [/etc/ssl/certs/ca-certificates.crt] Manufacturer [PKCS#11 Kit] flags [1] removable [false] token present [true]. [p11_child[1163]] [do_card] (0x4000): common name: [opensc-pkcs11]. [p11_child[1163]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/pkcs11/opensc-pkcs11.so]. [p11_child[1163]] [do_card] (0x4000): Description [Gemalto Gemplus USB SmartCard Reader 433-Swap [CCID Interface...] Manufacturer [QEMU] flags [7] removable [true] token present [true]. [p11_child[1163]] [do_card] (0x4000): Token label [Fake Smart Card CA]. [p11_child[1163]] [do_slot] (0x4000): Found [Fake Smart Card CA] in slot [Gemalto Gemplus USB SmartCard Reader 433-Swap [CCID Interface...][0] of module [1][/usr/lib/x86_64-linux-gnu/pkcs11/opensc-pkcs11.so]. [p11_child[1163]] [do_slot] (0x4000): Login NOT required. [p11_child[1163]] [read_certs] (0x4000): found cert[CAC ID Certificate][/CN=Fake Smart Card CA] [p11_child[1163]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. [p11_child[1163]] [read_certs] (0x4000): found cert[CAC Email Signature Certificate][/CN=Fake Smart Card CA] [p11_child[1163]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. [p11_child[1163]] [read_certs] (0x4000): found cert[CAC Email Encryption Certificate][/CN=Fake Smart Card CA] [p11_child[1163]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. [p11_child[1163]] [do_slot] (0x4000): (null) /usr/lib/x86_64-linux-gnu/pkcs11/opensc-pkcs11.so (null) Fake Smart Card CA (null) - no label given- 0003. [p11_child[1163]] [do_slot] (0x4000): uri: pkcs11:library-description=OpenSC%20smartcard%20framework;library-manufacturer=OpenSC%20Project;library-version=0.26;slot-description=Gemalto%20Gemplus%20USB%20SmartCard%20Reader%20433-Swap%20%5BCCID%20Interface...;slot-manufacturer=QEMU;slot-id=0;model=PKCS%2315%20emulated;manufacturer=Common%20Access%20Card;serial=000058bd002c19b5;token=Fake%20Smart%20Card%20CA;id=%00%03;object=CAC%20Email%20Encryption%20Certificate;type=cert. [p11_child[1163]] [do_slot] (0x4000): (null) /usr/lib/x86_64-linux-gnu/pkcs11/opensc-pkcs11.so (null) Fake Smart Card CA (null) - no label given- 0002. [p11_child[1163]] [do_slot] (0x4000): uri: pkcs11:library-description=OpenSC%20smartcard%20framework;library-manufacturer=OpenSC%20Project;library-version=0.26;slot-description=Gemalto%20Gemplus%20USB%20SmartCard%20Reader%20433-Swap%20%5BCCID%20Interface...;slot-manufacturer=QEMU;slot-id=0;model=PKCS%2315%20emulated;manufacturer=Common%20Access%20Card;serial=000058bd002c19b5;token=Fake%20Smart%20Card%20CA;id=%00%02;object=CAC%20Email%20Signature%20Certificate;type=cert. [p11_child[1163]] [do_slot] (0x4000): (null) /usr/lib/x86_64-linux-gnu/pkcs11/opensc-pkcs11.so (null) Fake Smart Card CA (null) - no label given- 0001. [p11_child[1163]] [do_slot] (0x4000): uri: pkcs11:library-description=OpenSC%20smartcard%20framework;library-manufacturer=OpenSC%20Project;library-version=0.26;slot-description=Gemalto%20Gemplus%20USB%20SmartCard%20Reader%20433-Swap%20%5BCCID%20Interface...;slot-manufacturer=QEMU;slot-id=0;model=PKCS%2315%20emulated;manufacturer=Common%20Access%20Card;serial=000058bd002c19b5;token=Fake%20Smart%20Card%20CA;id=%00%01;object=CAC%20ID%20Certificate;type=cert. [p11_child[1163]] [do_slot] (0x4000): Found certificate has key id [0003]. [p11_child[1163]] [do_slot] (0x4000): Found certificate has key id [0002]. [p11_child[1163]] [do_slot] (0x4000): Found certificate has key id [0001]. 0 Fake Smart Card CA /usr/lib/x86_64-linux-gnu/pkcs11/opensc-pkcs11.so 0003 CAC Email Encryption Certificate MIICzDCCAbSgAwIBAgIFAMc9E9MwDQYJKoZIhvcNAQELBQAwHTEbMBkGA1UEAxMSRmFrZSBTbWFydCBDYXJkIENBMB4XDTI1MDcxNDE5MjUyNloXDTI1MTAxNDE5MjUyNlowHTEbMBkGA1UEAxMSRmFrZSBTbWFydCBDYXJkIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1IBYyBQl64BYf1zDSCvRgZWcJIhfzJY1yihagK0DId2ySACQGFf36XJgMS5+av84U27m0KPZmKdPOCytveXgzG2Wx5TE15DHESVDsTYIdpQwXYUtb+r5hGYK6qlYbRfLNRS4H/5JjwJNIU0AyS4lbqCK6vP8/jzeD7GW4cIWl72ODe3lh2J0d7B73Le4HHBzr9OHHU47g99wPbOEMah7EE5tCzRejW+IYNw/GacHc1zH+KN634rKpJVpExfoUEQeeV7QJBwuFYWTSTlfmTGEWJOx7Dpk7NaRNYYlWo8D6rrCE+6IA68Q67TnpovqG/VPuf9Mpc86w8oMco6XeoXqPwIDAQABoxMwETAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAFaO/3Wc+B9/OHlVlmPZS1m/em6AmB5vQRb+epKGsV4vSM7GZFp9SNMEbPxGUjaWuHoDBZBHl3sQawFpr4HcGiKvYMC8NmDsFjREIA8IggUO16c+DrxkQGgPjI+OSpzKLsFMs0ns7qWR8XZb7RrhyIRLimFGi/I1IjTl6gv96DksRSDKNduHQIoa1Kb0rFg7HWoDah3tYzahIgIa/TDXQxpxUQKYrmM2P7eqEvnhzwxYeUojR6ne5LE6R8ObwoeKMTm0lKhpLyh3hSqNC8kVye9ZXU5E/3iGpd9Am8B4+aOMCzs1pZwyhkhXVfqy53S9QEow8cPAHaI8ALjOJKtIM3 Fake Smart Card CA /usr/lib/x86_64-linux-gnu/pkcs11/opensc-pkcs11.so 0002 CAC Email Signature Certificate MIICzDCCAbSgAwIBAgIFAMc9E9MwDQYJKoZIhvcNAQELBQAwHTEbMBkGA1UEAxMSRmFrZSBTbWFydCBDYXJkIENBMB4XDTI1MDcxNDE5MjUyNloXDTI1MTAxNDE5MjUyNlowHTEbMBkGA1UEAxMSRmFrZSBTbWFydCBDYXJkIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1IBYyBQl64BYf1zDSCvRgZWcJIhfzJY1yihagK0DId2ySACQGFf36XJgMS5+av84U27m0KPZmKdPOCytveXgzG2Wx5TE15DHESVDsTYIdpQwXYUtb+r5hGYK6qlYbRfLNRS4H/5JjwJNIU0AyS4lbqCK6vP8/jzeD7GW4cIWl72ODe3lh2J0d7B73Le4HHBzr9OHHU47g99wPbOEMah7EE5tCzRejW+IYNw/GacHc1zH+KN634rKpJVpExfoUEQeeV7QJBwuFYWTSTlfmTGEWJOx7Dpk7NaRNYYlWo8D6rrCE+6IA68Q67TnpovqG/VPuf9Mpc86w8oMco6XeoXqPwIDAQABoxMwETAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAFaO/3Wc+B9/OHlVlmPZS1m/em6AmB5vQRb+epKGsV4vSM7GZFp9SNMEbPxGUjaWuHoDBZBHl3sQawFpr4HcGiKvYMC8NmDsFjREIA8IggUO16c+DrxkQGgPjI+OSpzKLsFMs0ns7qWR8XZb7RrhyIRLimFGi/I1IjTl6gv96DksRSDKNduHQIoa1Kb0rFg7HWoDah3tYzahIgIa/TDXQxpxUQKYrmM2P7eqEvnhzwxYeUojR6ne5LE6R8ObwoeKMTm0lKhpLyh3hSqNC8kVye9ZXU5E/3iGpd9Am8B4+aOMCzs1pZwyhkhXVfqy53S9QEow8cPAHaI8ALjOJKtIM3 Fake Smart Card CA /usr/lib/x86_64-linux-gnu/pkcs11/opensc-pkcs11.so 0001 CAC ID Certificate MIICzDCCAbSgAwIBAgIFAMc9E9MwDQYJKoZIhvcNAQELBQAwHTEbMBkGA1UEAxMSRmFrZSBTbWFydCBDYXJkIENBMB4XDTI1MDcxNDE5MjUyNloXDTI1MTAxNDE5MjUyNlowHTEbMBkGA1UEAxMSRmFrZSBTbWFydCBDYXJkIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1IBYyBQl64BYf1zDSCvRgZWcJIhfzJY1yihagK0DId2ySACQGFf36XJgMS5+av84U27m0KPZmKdPOCytveXgzG2Wx5TE15DHESVDsTYIdpQwXYUtb+r5hGYK6qlYbRfLNRS4H/5JjwJNIU0AyS4lbqCK6vP8/jzeD7GW4cIWl72ODe3lh2J0d7B73Le4HHBzr9OHHU47g99wPbOEMah7EE5tCzRejW+IYNw/GacHc1zH+KN634rKpJVpExfoUEQeeV7QJBwuFYWTSTlfmTGEWJOx7Dpk7NaRNYYlWo8D6rrCE+6IA68Q67TnpovqG/VPuf9Mpc86w8oMco6XeoXqPwIDAQABoxMwETAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAFaO/3Wc+B9/OHlVlmPZS1m/em6AmB5vQRb+epKGsV4vSM7GZFp9SNMEbPxGUjaWuHoDBZBHl3sQawFpr4HcGiKvYMC8NmDsFjREIA8IggUO16c+DrxkQGgPjI+OSpzKLsFMs0ns7qWR8XZb7RrhyIRLimFGi/I1IjTl6gv96DksRSDKNduHQIoa1Kb0rFg7HWoDah3tYzahIgIa/TDXQxpxUQKYrmM2P7eqEvnhzwxYeUojR6ne5LE6R8ObwoeKMTm0lKhpLyh3hSqNC8kVye9ZXU5E/3iGpd9Am8B4+aOMCzs1pZwyhkhXVfqy53S9QEow8cPAHaI8ALjOJKtIM3 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2110521 Title: Continue searching other PKCS#11 tokens if certificates are not found To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/2110521/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
