Netgate Discussion Forum

    "pcscd PC/SC Smart Card Daemon" ?

    General pfSense Questions
    • chudakC
      chudak @mw

      @mw said in "pcscd PC/SC Smart Card Daemon" ?:

      This code was added in

      That's useful, thx

      Wonder why it's enabled by default ?!

      • jimpJ
        jimp Rebel Alliance Developer Netgate

        It won't be enabled by default for long:

        https://redmine.pfsense.org/issues/11933

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        • P
          psp @mw

          @mw said in "pcscd PC/SC Smart Card Daemon" ?:

          Comment out the startup code, like this:

          Just for info, commenting out the startup code and using IPSec, logs are filled up by these errors:
          -- Jul 20 09:28:46 charon 78779 02[CFG] error in C_WaitForSlotEvent: GENERAL_ERROR

          • M
            mw @psp

            @psp Thanks for the heads up. I don't currently make use of IPsec so didn't think about the consequences.

            • viktor_gV
              viktor_g Netgate

              You can use 299.diff patch on 21.05/2.5.2

              after applying you can disable pcscd on the VPN/ IPsec / Advanced Settings page:
              Screenshot from 2021-07-21 11-21-38.png

              • chudakC
                chudak @viktor_g

                @viktor_g said in "pcscd PC/SC Smart Card Daemon" ?:

                You can use 299.diff patch on 21.05/2.5.2

                after applying you can disable pcscd on the VPN/ IPsec / Advanced Settings page:
                Screenshot from 2021-07-21 11-21-38.png

                I applied the patch and enabled PKCS#11 Support (which I don't use BTW)

                Saw the service go red and then green again, I guess restarted.


                I thought the service would be completely removed and not sure what exactly changed ?

                Thx

                • jimpJ
                  jimp Rebel Alliance Developer Netgate

                  If you don't want it and don't use it, why did you go out of your way to enable it?

                  It's off by default which is what you'll want. After applying the patch, leave the box unchecked and then reboot.

                  • chudakC
                    chudak @jimp

                    @jimp said in "pcscd PC/SC Smart Card Daemon" ?:

                    If you don't want it and don't use it, why did you go out of your way to enable it?

                    See the initial post above, I am still trying to get rid of it exactly because I don't use it :)

                    It's off by default which is what you'll want. After applying the patch, leave the box unchecked and then reboot.

                    I did that and still see the red "pcscd PC/SC Smart Card Daemon" in the Service Status. Is it expected? If the answer is yes, why ?

                    • jimpJ
                      jimp Rebel Alliance Developer Netgate

                      The service is still there/defined but disabled. Several other services work the same way. Though it may not take much to hide it in this case. It's not a problem.

                      • chudakC
                        chudak @jimp

                        @jimp said in "pcscd PC/SC Smart Card Daemon" ?:

                        The service is still there/defined but disabled. Several other services work the same way. Though it may not take much to hide it in this case. It's not a problem.

                        OK I take that and thank you!

                        Before it was not possible to disable it.

                        It's just odd to see something disabled if you don't use it and even know where it's coming from.

                        • chudakC
                          chudak @jimp

                          @jimp

                          To hide it - is it something that can be done locally?

                          • DaddyGoD
                            DaddyGo @chudak

                            @chudak said in "pcscd PC/SC Smart Card Daemon" ?:

                            To hide it - is it something that can be done locally?

                            We, for example, are not as bothered by this as you are 😉

                            Cats bury it so they can't see it!
                            (You know what I mean if you have a cat)

                            • jimpJ
                              jimp Rebel Alliance Developer Netgate

                              I already added a note to the Redmine stating we'll need to hide the service. I'm not certain how long that might take or how much effort it will be. Probably not much but don't quote me on that.

                              It is cosmetic only, it doesn't hurt anything. Not many people sit on the service status screen so it doesn't matter. If it bothers you in the widget you can hide it in the widget (hit the wrench in the titlebar of the service status widget, scroll down, uncheck it, save.)

                              • I
                                Izaac @DaddyGo

                                @daddygo I guess you've never been through a security audit. Allow me to give you a sneak peek:
                                Some Overseas Checklist Drone: "Why is this red error on your firewall appliance configuration evidence?"
                                Overworked Administrator: "That feature is disabled."
                                Drone: "Why do you not use this feature of your firewall appliance?"
                                Admin: "Because we do not use smartcards as part of our authentication process."
                                Drone: "Why do you not use smartcards as part of your authentication process?"
                                Admin: "Because there is no hardware support for it and, in this context, it offers no advantages and makes no sense."
                                Drone: "I will be leaving this as an open issue for the configuration of your firewall appliance. Enabling all features for full protection from your firewall appliance is needful."

                                What could (or should) the green/red little icon in the 'Service Status' widget represent? Conformity to the configuration, e.g. if pcscd is not enabled, green shows it correctly stopped and red indicates an error state in which it is operating.

                                Assuming that doesn't happen, here's a horrifying patch to make it disappear and prevent you from having to "please to be doing" anything:

                                --- a/usr/local/www/widgets/widgets/services_status.widget.php    2021-05-28 07:35:21.000000000 -0400
                                +++ b/usr/local/www/widgets/widgets/services_status.widget.php   2021-07-28 08:44:17.790560000 -0400
                                @@ -31,6 +31,11 @@
                                 
                                 $services = get_services();
                                 
                                +// horrifying patch for papering over pcscd
                                +if ($pewpew = array_search('pcscd', array_column($services, 'name'))) {
                                +       array_splice($services, $pewpew, 1);
                                +}
                                +
                                 $numsvcs = count($services);
                                 
                                 for ($idx=0; $idx<$numsvcs; $idx++) {
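                                Review bot: the condition on the added `if` line treats a match at index 0 as "not found". array_search() returns the matching key on success and false on failure, so if pcscd is the first entry in $services the assignment evaluates to 0, the branch is skipped and the row stays visible. Compare strictly instead: `if (($pewpew = array_search('pcscd', array_column($services, 'name'))) !== false) {`. The filter also only drops the entry from the local $services copy used to render this widget; the service definition and its real state are unchanged, so the comment should say it is display-only.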
                                
                                • johnpozJ
                                  johnpoz LAYER 8 Global Moderator @Izaac

                                  @izaac Oh man that is so true! ;) Sad but true!!

                                  An intelligent man is sometimes forced to be drunk to spend time with his fools
                                  If you get confused: Listen to the Music Play
                                  Please don't Chat/PM me for help, unless mod related
                                  SG-4860 24.11 | Lab VMs 2.8, 24.11

                                  • DaddyGoD
                                    DaddyGo @Izaac

                                    @izaac said in "pcscd PC/SC Smart Card Daemon" ?:

                                    I guess you've never been through a security audit.

                                    No, really, never... maybe teach me how it's done 😊
                                    as Jimp wrote, it's pointless to make a big deal of it, but if you need it just shout it out here..

                                    Thank you for your follow up

                                    • johnpozJ
                                      johnpoz LAYER 8 Global Moderator @DaddyGo

                                      @daddygo come on dude don't be so serious - that was seriously funny, and spot on.. hehehe

                                      We all get it - but he does have a point about some of the nonsense that can come out of those drone based audits, how many checks can be tallied up without a clue.. But hey these items were discovered that causes extra work and pain for zero reason..

                                      I recall one that just got my dander up.. On why the servers' screen savers were not set to lock after 1 minute in the server room

                                      Because it's a locked room, in a secured building - and only admins have access to the room.. And 1 minute timeout is counterproductive to actual work.. So it's set to 10 minutes..

                                      • I
                                        Izaac @Izaac

                                        @izaac @chudak Let's try that again, but now with more system status page, since the widget does let you mask via UI:

                                        --- a/usr/local/www/status_services.php  2021-05-28 07:35:21.000000000 -0400
                                        +++ b/usr/local/www/status_services.php  2021-07-28 09:14:03.699292000 -0400
                                        @@ -64,6 +64,11 @@
                                         
                                         $services = get_services();
                                         
                                        +// horrifying patch for papering over pcscd
                                        +if ($pewpew = array_search('pcscd', array_column($services, 'name'))) {
                                        +       array_splice($services, $pewpew, 1);
                                        +}
                                        +
                                         // $debugsvcs = array('name' => 'captiveportal', 'description' => 'Captive Portal', 'zone' => '14');
                                         // array_push($services, $debugsvcs);
                                         
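                                        Review bot: the added `if` in status_services.php has the same falsy-zero problem as the widget version: when array_search() returns index 0 the truthiness test fails and pcscd is not removed, so the result should be checked with `!== false`. This is also the second verbatim copy of the block, with the service name hard-coded in both files; the two copies have to be kept in sync by hand and re-applied after each upgrade that replaces these files, which is worth stating in the comment. As in the widget, only the displayed list is filtered, so what the status page shows no longer reflects every defined service.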
                                        

                                        Just drop it into the System_Patches package with a Path Strip Count of '1' and a Base Directory of '/', if you're unfamiliar.

                                        • DaddyGoD
                                          DaddyGo @johnpoz

                                          @johnpoz said in "pcscd PC/SC Smart Card Daemon" ?:

                                          come on dude don't be so serious - that was seriously funny, and spot on.. hehehe

                                          Nope John, it's not a good day for me, but I don't take it seriously... 😉

                                          either I'm being rude lately or people are so snappy

                                          • yesterday was the same - only with someone else

                                          I don't miss it :)

                                          • I
                                            Izaac @DaddyGo

                                            @daddygo said in "pcscd PC/SC Smart Card Daemon" ?:

                                            it's not a good day for me

                                            Broadband can be so slow.
                                            Sorry to hear that. Hope things work out.

                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.