I'm trying to use a smart card on CentOS but I'm stuck. I'm using OpenSC, and I need to implement a special module to use my smart card (libgtop11dotnet). It doesn't work on CentOS, but I tested on Ubuntu and it works. I changed opensc.conf and pam_pkcs11.conf to be able to use my module (libgtop11donet). The command "pklogin_finder debug" returns infos about the card (but not on CentOS). I tried to realize same modifications on CentOS but I think NSS database (/etc/pki/nssdb) is blocking me (Ubuntu don't need it). I tried to implement the module with modutil but it's doesn't change anything.
Here is the difference between both [pklogin_finder debug] commands :
Ubuntu :
DEBUG:pam_config.c:248: Using config file /etc/pam_pkcs11/pam_pkcs11.conf
DEBUG:pklogin_finder.c:71: loading pkcs #11 module...
DEBUG:pkcs11_lib.c:973: PKCS #11 module = [/usr/local/lib/libgtop11dotnet.so]
DEBUG:pkcs11_lib.c:990: module permissions: uid = 0, gid = 0, mode = 755
DEBUG:pkcs11_lib.c:999: loading module /usr/local/lib/libgtop11dotnet.so
DEBUG:pkcs11_lib.c:1007: getting function list
DEBUG:pklogin_finder.c:79: initialising pkcs #11 module...
DEBUG:pkcs11_lib.c:1155: module information:
DEBUG:pkcs11_lib.c:1156: - version: 2.20
DEBUG:pkcs11_lib.c:1157: - manufacturer: Gemalto
DEBUG:pkcs11_lib.c:1158: - flags: 0000
DEBUG:pkcs11_lib.c:1159: - library description: Gemalto .NET PKCS11
DEBUG:pkcs11_lib.c:1160: - library version: 2.2
DEBUG:pkcs11_lib.c:1050: number of slots (a): 5
DEBUG:pkcs11_lib.c:1073: number of slots (b): 5
DEBUG:pkcs11_lib.c:1086: slot 1:
DEBUG:pkcs11_lib.c:1096: - description: Precise Biometrics Sense MC 00 00
DEBUG:pkcs11_lib.c:1097: - manufacturer: Unknown
DEBUG:pkcs11_lib.c:1098: - flags: 0006
DEBUG:pkcs11_lib.c:1086: slot 2:
DEBUG:pkcs11_lib.c:1096: - description: empty
DEBUG:pkcs11_lib.c:1097: - manufacturer: Unknown
DEBUG:pkcs11_lib.c:1098: - flags: 0006
DEBUG:pkcs11_lib.c:1086: slot 3:
DEBUG:pkcs11_lib.c:1096: - description: empty
DEBUG:pkcs11_lib.c:1097: - manufacturer: Unknown
DEBUG:pkcs11_lib.c:1098: - flags: 0006
DEBUG:pkcs11_lib.c:1086: slot 4:
DEBUG:pkcs11_lib.c:1096: - description: empty
DEBUG:pkcs11_lib.c:1097: - manufacturer: Unknown
DEBUG:pkcs11_lib.c:1098: - flags: 0006
DEBUG:pkcs11_lib.c:1086: slot 5:
DEBUG:pkcs11_lib.c:1096: - description: empty
DEBUG:pkcs11_lib.c:1097: - manufacturer: Unknown
DEBUG:pkcs11_lib.c:1098: - flags: 0006
DEBUG:pklogin_finder.c:95: no token available ***(or certificate's infos if the card is INSERTED)***
CentOS :
DEBUG:pam_config.c:238: Using config file /etc/pam_pkcs11/pam_pkcs11.conf
DEBUG:pkcs11_lib.c:182: Initializing NSS ...
DEBUG:pkcs11_lib.c:192: Initializing NSS ... database=/etc/pki/nssdb
DEBUG:pkcs11_lib.c:210: ... NSS Complete
DEBUG:pklogin_finder.c:71: loading pkcs #11 module...
DEBUG:pkcs11_lib.c:235: Looking up module in list
DEBUG:pkcs11_lib.c:238: modList = 0x18bddf0 next = 0x0
DEBUG:pkcs11_lib.c:239: dllName= <null>
DEBUG:pkcs11_lib.c:285: loading Module explictly, moduleSpec=<library="/usr/local/lib/libgtop11dotnet.so" name="SmartCard"> module=/usr/local/lib/libgtop11dotnet.so
DEBUG:pkcs11_lib.c:299: load module complete
DEBUG:pklogin_finder.c:79: initialising pkcs #11 module...
***(pklogin_finder is pending or print "DEBUG:pklogin_finder.c:95: no token available" if the card is INSERTED)***
Why did it work on Ubuntu (18.4) but not on CentOS (7.4) ?
Thanks in advance,
