I am trying to configure Smart Card authentication on CentOS7 using sssd version 2.2.2
(re-compiled from source, as the official repo for CentOS7 only has sssd 1.16.x, but we
need the certmap features of sssd 2.x).
We use special smart card hardware (Gemalto PrimeID) which requires a custom library
(provided to us from the vendor as RPM and DEB packages). The actual library gets
installed to /usr/lib64/libeTPkcs11.so
If I create a *.module file under either /usr/share/p11-kit/modules or /etc/pkcs11/modules
pointing to /usr/lib64/libeTPkcs11.so, then the command 'p11tool --list-tokens'
properly reads the smartCard and lists the tokens on it.
However, running 'p11_child --pre' (per various other threads from Sumit Bose)
does not even list our custom library (the libeTPkcs11.so) in the Default Module List, so
it fails to read the SmartCard. The only modules listed are '[NSS Internal PKCS #11
Module]' and '[CoolKey PKCS #11 Module]'
Is there some command I need to run in order to register our custom SmartCard library with
NSS or P11-kit such that sssd's p11_child knows how to use it? How does p11_child
locate the available smartCard libraries?