Join the AMA (Ask Me Anything) with the Firefox leadership team to celebrate Firefox 20th anniversary and discuss Firefox’s future on Mozilla Connect. Mark your calendar on Thursday, November 14, 18:00 - 20:00 UTC!

Поиск в Поддержке

Избегайте мошенников, выдающих себя за службу поддержки. Мы никогда не попросим вас позвонить, отправить текстовое сообщение или поделиться личной информацией. Сообщайте о подозрительной активности, используя функцию «Пожаловаться».

Подробнее

PKCS#11 Security device stops allowing login of CAC credentials

  • 2 ответа
  • 1 имеет эту проблему
  • 8 просмотров
  • Последний ответ от cor-el

more options

Hello, I use Firefox 75.0 on an Ubuntu 18.04 system to access CAC enabled (smartcards) US government websites. Generally all works as desired. However, intermittently (couple times a day ---> once every few days) the browser simply, quietly refuses to allow the CAC to login, when I visit a CAC-secured site. A browser dialog is presented and asks for my PIN, but closes without error, yet the PIN is not accepted and the site (correctly) refuses access. In my troubleshooting, I found that if I look at the Security Devices tab under Privacy&Security, the PKCS#11 module shows the CAC as not logged in. If I attempt to log in at that page, I get the usual PIN dialog, but after submission, a new message box appears with the notice that "Log in failed", and I can see that module still says Log out.

It appears that some file lock or related mechanism is in effect and needs to be reset. The only solution I have been able to use is close Firefox completely (all windows), and restart. This works but not desired as I have several different sites I'm active on, and each requires separate logins.

Any suggestions for further troubleshooting would be appreciated. My forays into Google searches all end up as help to get CAC card working, which is not my problem. The card works until Firefox (or something related in the middleware) freezes and the only recourse is to restart.

Cheers, --Jim

Hello, I use Firefox 75.0 on an Ubuntu 18.04 system to access CAC enabled (smartcards) US government websites. Generally all works as desired. However, intermittently (couple times a day ---> once every few days) the browser simply, quietly refuses to allow the CAC to login, when I visit a CAC-secured site. A browser dialog is presented and asks for my PIN, but closes without error, yet the PIN is not accepted and the site (correctly) refuses access. In my troubleshooting, I found that if I look at the Security Devices tab under Privacy&Security, the PKCS#11 module shows the CAC as not logged in. If I attempt to log in at that page, I get the usual PIN dialog, but after submission, a new message box appears with the notice that "Log in failed", and I can see that module still says Log out. It appears that some file lock or related mechanism is in effect and needs to be reset. The only solution I have been able to use is close Firefox completely (all windows), and restart. This works but not desired as I have several different sites I'm active on, and each requires separate logins. Any suggestions for further troubleshooting would be appreciated. My forays into Google searches all end up as help to get CAC card working, which is not my problem. The card works until Firefox (or something related in the middleware) freezes and the only recourse is to restart. Cheers, --Jim

Изменено Jim Parker

Все ответы (2)

more options

This hasn't received a lot of attention, so I'm trying to provide some more information in the hopes that someone can help me troubleshoot. This affects many of my co-workers so you'd have the gratitude of several if this could be resolved.

Typically, the freezes in logins occur after wake up from suspend/hibernate. So I thought it was a hardware/OS problem. And maybe it is, but even though I cannot use the card on Firefox, I can scan the card with

 pcsc_scan

so the reader is functioning correctly, and I can use

 ssh

to access Kerberos sites that require the same smartcard. The point is that other software is able to access functions on the card and send appropriate credentials, while Firefox is frozen out.

more options

Maybe try Firefox from the Mozilla server to see if that version works better.