[Pcsclite-muscle] Segregation of Yubikey by user
Ludovic Rousseau
ludovic.rousseau at gmail.com
Thu Jan 20 04:00:47 PST 2022
On Thu, Jan 20, 2022 at 11:47, Romain Griffiths
<romain.griffiths at gmail.com> wrote:
>
> Hi,

Hello,

> I am trying to segregate my activities between 2 users running side by side.
> For each of the users I would like to have a different yubikey.
>
> This is my pcsc_scan:
> 0: Yubico YubiKey OTP+FIDO+CCID 00 00
> 1: Yubico YubiKey OTP+FIDO+CCID 01 00
>
> First Problem: I cannot choose which card to use
> I tried setting reader-port in scdaemon.conf with no success.
>
> Is there a way to specify which Yubikey to use?

You would need something like PCSCLITE_FILTER_IGNORE_READER_NAMES but
on the client side. So you can configure 2 clients with 2 different
configurations.
See https://ludovicrousseau.blogspot.com/2015/12/remove-andor-customize-pcsc-reader-names.html

But your 2 devices have the same name. So it will be difficult to
differentiate them.
It would help if the YubiKey had a serial number.
See https://ludovicrousseau.blogspot.com/2010/05/what-is-in-pcsc-reader-name.html

> Second Problem:
> If I try a gpg --card-status when another user is already logged in I get a:
> gpg: selecting card failed: No such device
> gpg: OpenPGP card not available: No such device

See https://ludovicrousseau.blogspot.com/2019/06/gnupg-and-pcsc-conflicts.html

> Is it possible to have user1 with full control on Yubikey1 and user2
> with full control on Yubikey2 ?

Maybe.
But not without some configuration.

Bye

--
Dr. Ludovic Rousseau
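
An added example, not part of the original message or of pcsc-lite: a client-side reader filter of the kind the reply says would be needed, run over the two reader names from the pcsc_scan output. The filter function, its colon-separated pattern syntax, the assumed `<device> <index> <slot>` name layout and the `SERIAL-A`/`SERIAL-B` reader names are assumptions made for illustration.

```python
import re

# Reader names copied from the pcsc_scan output quoted in the message.
READERS = [
    "Yubico YubiKey OTP+FIDO+CCID 00 00",
    "Yubico YubiKey OTP+FIDO+CCID 01 00",
]
# Constructed names: the same devices if the name carried a serial number.
# SERIAL-A / SERIAL-B are placeholders; listed in the opposite plug order.
READERS_WITH_SERIAL = [
    "Yubico YubiKey OTP+FIDO+CCID (SERIAL-B) 00 00",
    "Yubico YubiKey OTP+FIDO+CCID (SERIAL-A) 01 00",
]

def visible_readers(readers, ignore_spec):
    """Hypothetical client-side filter: drop readers whose name contains
    any of the colon-separated substrings in ignore_spec."""
    patterns = [p for p in ignore_spec.split(":") if p]
    return [r for r in readers if not any(p in r for p in patterns)]

def split_name(reader):
    """Split '<device name> <reader index> <slot>' (assumed layout)."""
    m = re.fullmatch(r"(.+) ([0-9A-F]{2}) ([0-9A-F]{2})", reader)
    if m is None:
        raise ValueError(f"unexpected reader name: {reader!r}")
    return m.group(1), int(m.group(2), 16), int(m.group(3), 16)

def unique_device_names(readers):
    """True when the device part alone tells the readers apart."""
    names = [split_name(r)[0] for r in readers]
    return len(set(names)) == len(names)

def reader_for(readers, wanted):
    """Return the single reader whose name contains `wanted`, else None."""
    hits = [r for r in readers if wanted in r]
    return hits[0] if len(hits) == 1 else None

if __name__ == "__main__":
    # Filtering on the trailing index works, but "00"/"01" follow the order
    # in which the keys were plugged in, not the physical key.
    print(visible_readers(READERS, "CCID 01 00"))
    print(unique_device_names(READERS))
    print(unique_device_names(READERS_WITH_SERIAL))
    # A serial in the name pins one key regardless of its index.
    print(reader_for(READERS_WITH_SERIAL, "(SERIAL-A)"))
```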