PKCS#11 Security device stops allowing login of CAC credentials
Hello, I use Firefox 75.0 on an Ubuntu 18.04 system to access CAC enabled (smartcards) US government websites. Generally all works as desired. However, intermittently (couple times a day ---> once every few days) the browser simply, quietly refuses to allow the CAC to login, when I visit a CAC-secured site. A browser dialog is presented and asks for my PIN, but closes without error, yet the PIN is not accepted and the site (correctly) refuses access. In my troubleshooting, I found that if I look at the Security Devices tab under Privacy&Security, the PKCS#11 module shows the CAC as not logged in. If I attempt to log in at that page, I get the usual PIN dialog, but after submission, a new message box appears with the notice that "Log in failed", and I can see that module still says Log out.
It appears that some file lock or related mechanism is in effect and needs to be reset. The only solution I have been able to use is close Firefox completely (all windows), and restart. This works but not desired as I have several different sites I'm active on, and each requires separate logins.
Any suggestions for further troubleshooting would be appreciated. My forays into Google searches all end up as help to get CAC card working, which is not my problem. The card works until Firefox (or something related in the middleware) freezes and the only recourse is to restart.
Cheers, --Jim
Módosította: Jim Parker,
Összes válasz (2)
This hasn't received a lot of attention, so I'm trying to provide some more information in the hopes that someone can help me troubleshoot. This affects many of my co-workers so you'd have the gratitude of several if this could be resolved.
Typically, the freezes in logins occur after wake up from suspend/hibernate. So I thought it was a hardware/OS problem. And maybe it is, but even though I cannot use the card on Firefox, I can scan the card with
pcsc_scan
so the reader is functioning correctly, and I can use
ssh
to access Kerberos sites that require the same smartcard. The point is that other software is able to access functions on the card and send appropriate credentials, while Firefox is frozen out.
Maybe try Firefox from the Mozilla server to see if that version works better.