[Pcsclite-muscle] Segregation of Yubikey by user

Ludovic Rousseau ludovic.rousseau at gmail.com
Thu Jan 20 04:00:47 PST 2022

On Thu, Jan 20, 2022 at 11:47, Romain Griffiths
<romain.griffiths at gmail.com> wrote:
> Hi,


> I am trying to segregate my activities between 2 users running side by side.
> For each of the users I would like to have a different yubikey.
> This is my pcsc_scan:
> 0: Yubico YubiKey OTP+FIDO+CCID 00 00
> 1: Yubico YubiKey OTP+FIDO+CCID 01 00
> First Problem: I cannot choose which card to use
> I tried setting reader-port in scdaemon.conf with no success.
> Is there a way to specify which Yubikey to use?

You would need something like PCSCLITE_FILTER_IGNORE_READER_NAMES but
on the client side. So you can configure 2 clients with 2 different
See https://ludovicrousseau.blogspot.com/2015/12/remove-andor-customize-pcsc-reader-names.html

But your 2 devices have the same name. So it will be difficult to
differentiate them.
It would help if the YubiKey had a serial number.
See https://ludovicrousseau.blogspot.com/2010/05/what-is-in-pcsc-reader-name.html

> Second Problem:
> If I try a gpg --card-status when another user is already logged in I get a:
> gpg: selecting card failed: No such device
> gpg: OpenPGP card not available: No such device

See https://ludovicrousseau.blogspot.com/2019/06/gnupg-and-pcsc-conflicts.html

> Is it possible to have user1 with full control on Yubikey1 and user2
> with full control on Yubikey2?

But not without some configuration.


 Dr. Ludovic Rousseau
