On Tue, Dec 03, 2019 at 10:57:55PM -0000, Jeff Thornsen wrote:
> Sorry to spam the mailing list, I just figured out my problem.
> I was able to use the 'modutil' command to add my custom library into the nssdb
> at /etc/pki/nssdb/. Then p11_child was able to locate and use the library to read my
> Perhaps there is a smarter way to do this via the update-ca-trust command, but I am OK
> with just running modutil after installing our custom SmartCard library.

Using 'modutil' is the expected way to add a PKCS#11 module to an NSS
database. There is a helper script 'pkcs11-switch' in the opensc package
which makes it easy to switch between the two PKCS#11 modules provided
by RHEL coolkey and opensc. If you take a look at the script you will
see that 'modutil' is used internally.

When SSSD is using p11-kit, e.g. on RHEL-8, you have to create a
pkcs11.conf file to make p11-kit aware of your PKCS#11 module. See man
pkcs11.conf and e.g. /usr/share/p11-kit/modules/opensc.module for
sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org
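
The two registration paths discussed in this thread (modutil for an NSS database, a .module file for p11-kit), as an added example that is not part of the original messages. The module name, the library path and the /etc/pkcs11/modules directory are assumptions; the script only validates the library and prints the steps, it changes nothing.

```shell
#!/bin/sh
# Added example. Module name, library path and /etc/pkcs11/modules are assumptions.

# p11_child loads the module into its own process during smart card login,
# so refuse a library that a non-root user could swap out.
# (Ownership should be root as well; that is not checked here.)
check_module_lib() {
    lib=$1
    case $lib in
        /*) ;;
        *) echo "library path must be absolute: $lib" >&2; return 1 ;;
    esac
    [ -f "$lib" ] || { echo "not a regular file: $lib" >&2; return 1; }
    # find prints the path only when a group- or world-writable bit is set
    if [ -n "$(find -L "$lib" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
        echo "group/world-writable library: $lib" >&2
        return 1
    fi
}

# NSS case from the thread: the modutil call that adds the module to an NSS db.
nss_add_cmd() {   # nss_add_cmd DBDIR NAME LIB
    printf 'modutil -dbdir %s -add "%s" -libfile %s\n' "$1" "$2" "$3"
}

# p11-kit case (e.g. RHEL-8): body of a NAME.module file, see pkcs11.conf(5).
p11kit_module_conf() {
    printf 'module: %s\n' "$1"
}

# Dry run: validate the library, then print what to do for each backend.
plan_registration() {   # plan_registration NAME LIB
    name=$1
    lib=$2
    check_module_lib "$lib" || return 1
    echo "# NSS database:"
    nss_add_cmd /etc/pki/nssdb "$name" "$lib"
    echo "modutil -dbdir /etc/pki/nssdb -list"
    echo "# p11-kit: write /etc/pkcs11/modules/$name.module containing:"
    p11kit_module_conf "$lib"
}

if [ "$#" -eq 2 ]; then
    plan_registration "$1" "$2"
fi
```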