January 2011

eToken PASS in open environment

I bought promo pack of 5 Aladdin eToken PASS units, the tokens comes with serial number in this format: XXXX-XXXX-XXXX-XXXX activated for free on the website of the manufacturer only one time of course, then used token purchased from ebay usually are unusable.

The activation consists in a zip containing two ldif format dat files, you can extract the token key parsing the text from “importAlpine.dat” file:

sccAuthenticatorId: (means token serial number) sccKey= (means token key)

eToken PASS are event based tokens, I’ve tested successfully using otptool, part of mod-authn-otp.

AIX LPAR – CDROM device relase

When AIX will not release /dev/cd0 device (after umount any associted filesystems), and you get busy device error on dlpar operations, use this command to kill all processes that take busy resource:

# fuser -k -x -u -c /dev/cd0

Usually in pSeries hardware configuration is connected to a scsi controller by scsi-to-ide/sas/sata or other terrible solution bridge.

To made all this operation faster you can identify pci parent adapter and remove recursively all device.

Identify:

# lsdev -l cd0 -F parent
scsi0
# lsdev -l scsi0 -F parent
sisscsia0
# lsdev -l sisscsia0 -F parent
pci10

Remove:


# rmdev -Rdl pci10
cd0 deleted
ses0 deleted
scsi0 deleted
sisscsia0 deleted
pci10 deleted

Then you can move the controller from HMC to another LPAR

Omikey Cardman 4040 – Linux FC14

In this post I describe how to get works OMNIKEY Cardman 4040, a pcmcia smartcard reader/writer under Linux Ferdora 14 using manufacturer PC/SC driver.

1. Install the required packages:

[root@thinkleo1 ~]# yum install pcsc-lite openct opensc

2. Configure OpenSC

With PC/SC cardbus access OpenCT is useless but without that daemon, on every smartcard operational commad you get lot of this erros:

Error: can't open /var/run/openct/status: No such file or directory

Then to avoid (openct/opensc/pcscd) conflicts I prefer to disable openct framework like this:

Substitute into /etc/opensc.conf :

reader_drivers = openct, pcsc, ctapi;

With (if is not present, add this under “app default” context):

reader_drivers = pcsc, ctapi;

Stop OpenCT daemon:

[root@thinkleo1 ~]# /etc/init.d/openct stop

3. Install PC/SC driver

Download PC/SC driver for Linux form:

http://www.hidglobal.com/

Actual release is “ifdok_cm4040_lnx-2.0.0.tar.gz” this file contains a nice installer, but doesn’t work under fedora, then proceed manually:

[root@thinkleo1 ~]# tar -xvf ifdok_cm4040_lnx-2.0.0.tar.gz
[root@thinkleo1 ~]# cd ifdok_cm4040_lnx-2.0.0
[root@thinkleo1 ifdok_cm4040_lnx-2.0.0]# cp ifdok_cm4040_lnx-2.0.0.so /usr/lib/pcsc/drivers/

Create file: /etc/reader.conf.d/cardman4040.conf

With this content (adjust that if you have more that one pcmcia slot) :

#
# Configuration file for CardMan 4040 smartcard reader.
#
FRIENDLYNAME "OMNIKEY CardMan 4040 Socket 0"
DEVICENAME /dev/cmx0
LIBPATH /usr/lib/pcsc/drivers/ifdok_cm4040_lnx-2.0.0.so
CHANNELID 0

Now insert the smartcard reader into pcmcia slot and restart pcscd:

[root@thinkleo1 ~]# /etc/init.d/pcscd restart

4. Test the reader:

If all works fine you can get this output:

[root@thinkleo1 ~]# opensc-tool -l
Readers known about:
Nr. Driver Name
0 pcsc OMNIKEY CardMan 4040 Socket 0 00 00
[root@thinkleo1 ~]#

Now the reader is ready to use.