Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

PKCS#11 Security device stops allowing login of CAC credentials

  • 2 replies
  • 1 has this problem
  • 12 views
  • Last reply by cor-el

more options

Hello, I use Firefox 75.0 on an Ubuntu 18.04 system to access CAC enabled (smartcards) US government websites. Generally all works as desired. However, intermittently (couple times a day ---> once every few days) the browser simply, quietly refuses to allow the CAC to login, when I visit a CAC-secured site. A browser dialog is presented and asks for my PIN, but closes without error, yet the PIN is not accepted and the site (correctly) refuses access. In my troubleshooting, I found that if I look at the Security Devices tab under Privacy&Security, the PKCS#11 module shows the CAC as not logged in. If I attempt to log in at that page, I get the usual PIN dialog, but after submission, a new message box appears with the notice that "Log in failed", and I can see that module still says Log out.

It appears that some file lock or related mechanism is in effect and needs to be reset. The only solution I have been able to use is close Firefox completely (all windows), and restart. This works but not desired as I have several different sites I'm active on, and each requires separate logins.

Any suggestions for further troubleshooting would be appreciated. My forays into Google searches all end up as help to get CAC card working, which is not my problem. The card works until Firefox (or something related in the middleware) freezes and the only recourse is to restart.

Cheers, --Jim

Modified by Jim Parker

All Replies (2)

more options

This hasn't received a lot of attention, so I'm trying to provide some more information in the hopes that someone can help me troubleshoot. This affects many of my co-workers so you'd have the gratitude of several if this could be resolved.

Typically, the freezes in logins occur after wake up from suspend/hibernate. So I thought it was a hardware/OS problem. And maybe it is, but even though I cannot use the card on Firefox, I can scan the card with

 pcsc_scan

so the reader is functioning correctly, and I can use

 ssh

to access Kerberos sites that require the same smartcard. The point is that other software is able to access functions on the card and send appropriate credentials, while Firefox is frozen out.

Helpful?

more options

Maybe try Firefox from the Mozilla server to see if that version works better.

Helpful?

Ask a question

You must log in to your account to reply to posts. Please start a new question, if you do not have an account yet.