On OS X 10.9 there was a pcscd IIRC, but that seems to be gone.
On 10.10 there's a process that seems to run all the time:
Code:
/System/Library/Frameworks/PCSC.framework/Versions/A/XPCServices/com.apple.ctkpcscd.xpc/Contents/MacOS/com.apple.ctkpcscd
When you use the NEO smartcard for the first time with gpg-agent and ssh, the list of related processes grows:
Code:
/System/Library/Frameworks/PCSC.framework/Versions/A/XPCServices/com.apple.ctkpcscd.xpc/Contents/MacOS/com.apple.ctkpcscd
pcsc-wrapper -- 1 /System/Library/Frameworks/PCSC.framework/PCSC
/System/Library/Frameworks/PCSC.framework/Versions/A/XPCServices/com.apple.ctkpcscd.xpc/Contents/MacOS/com.apple.ctkpcscd
In any case, I can't seem to make it work from the guest. The extra two processes are not even launched when I try to use the smartcard from the guest. Moreover, having the guest running with the USB filter for NEO prevents the smartcard from working correctly with gpg-agent on the host itself. No idea why. Disable those filters and the guest does not interfere with the smartcard and gpg-agent on the host anymore.
---
There is a workaround:
Don't do anything on the guest. On the host, enable "ForwardAgent yes" for the range of IPs where the guests are. Then ssh from the host to the guest.
Now, on the guest, if you try to ssh anywhere, the authentication requests will be forwarded back to the host through the ssh chain. If gpg-agent is enabled on the host, your guest-run ssh session will be authenticated against the smartcard.
Of course, for this to work, before all you must ssh into the guest from the host. And then you're still subject to the smartcard issues that are plaguing OS X 10.10, like this one:
viewtopic.php?f=26&t=1656Perhaps those issues are what cause the guest to not be able to use the NEO plugged into the host. I don't have a way to tell for sure.
Login
FAQ
Search
