http://bugzilla.novell.com/show_bug.cgi?id=580144 http://bugzilla.novell.com/show_bug.cgi?id=580144#c0 Summary: openct: ownership mismatch between openct,conf and HAL Classification: openSUSE Product: openSUSE 11.2 Version: Final Platform: Other OS/Version: openSUSE 11.2 Status: NEW Severity: Major Priority: P5 - None Component: Hotplug AssignedTo: bnc-team-screening@forge.provo.novell.com ReportedBy: hwit@a-domani.nl QAContact: qa@suse.de Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.9.1.7) Gecko/20100106 Ubuntu/9.10 (karmic) Firefox/3.5.7 Prior to 11.0 (eg: 10.3) the (relevant top) lines from /etc/openct.conf read: # Path to ifdhandler ifdhandler = /usr/sbin/ifdhandler; Since 11.0 (and still in 11.2) this has been changed into: ifdhandler { program = /usr/sbin/ifdhandler ; # # Safe to disable force_poll: # >=linux-2.6.27.14 # >=linux-2.6.28.3 # force_poll = 1; user = scard; groups = { scard, }; }; When plugging in an etoken (smartcard + usb-reader) one gets the error in syslog: Feb 11 14:04:15 wt8510w ifdhandler[7409]: Unable to open USB device /dev/bus/usb/007/005: Permission denied Feb 11 14:04:15 wt8510w ifdhandler[7409]: usb:/dev/bus/usb/007/005: initialization failed (driver etoken64) Feb 11 14:04:15 wt8510w ifdhandler[7409]: unable to open reader etoken64 usb /dev/bus/usb/007/005 Reason for this is, that in the corresponding HAL-file, permissions are not set: In /usr/lib/hal/hald-addon-openct are the corresponding two lines (19,20) still in comment. Reproducible: Always Steps to Reproduce: 1. Insert etoken (aladdin, or omnikey) 2. issue any opensc commands, like cardos-info 3. watch syslog Actual Results: Unable to open USB device /dev/bus/usb/007/005: Permission denied usb:/dev/bus/usb/007/005: initialization failed (driver etoken64) unable to open reader etoken64 usb /dev/bus/usb/007/005 1) either DO NOT SET the owner in /etc/openct.conf (putting the line in #comment solves the problem) 2) or uncomment lines 19,20 in /usr/lib/hal/hald-addon-openct (chmod and chown) that works as well. 3) Andreas Jellinghaus (from opensc) strongly recommends a upgrade to the latest version: default 0.6.17-3.1, on the OBS is 0.16.17-21.3 available, while openct 0.6.20 has been released. I've raised severity to "major", as security-tokens don't work any more without either change (1 or 2) above. (as said, in 10.3, the user was NOT set) For current versions (11.0 / 11.2) a security patch should be not that difficult, ether a new /etc/openct.conf or /usr/lib/hal/hald-addon-openct I understand that for the upcoming 11.3 the use of "hal" is depreciated... -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.