<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 TRANSITIONAL//EN"> <HTML> <HEAD> <META HTTP-EQUIV="Content-Type" CONTENT="text/html; CHARSET=UTF-8"> <META NAME="GENERATOR" CONTENT="GtkHTML/4.8.5"> </HEAD> <BODY> On Út, 2015-05-19 at 09:00 -0400, Thomas Foster wrote: <BLOCKQUOTE TYPE=CITE> David, While using the spice client have you put your cac into your local reader? If so, we're you able to use it? I ask because if you look at my screenshots from my last email I get the same usb device (usbccid), but I also get an extra device that is a problem. <PRE> _______________________________________________ Spice-devel mailing list <A HREF="mailto:Spice-devel@lists.freedesktop.org">Spice-devel@lists.freedesktop.org</A> <A HREF="http://lists.freedesktop.org/mailman/listinfo/spice-devel">http://lists.freedesktop.org/mailman/listinfo/spice-devel</A> </PRE> </BLOCKQUOTE> Hm, I think I start understanding your situation: you're using linux client (CentOS 7?), Windows 7 guest and the smart card doesn't work for you. When you write "drivers in spice client" you actually mean drivers for client OS. That's card-dependent. You need to have a "smart card middleware" installed in the system and registered in nss, e.g.: <PRE> $ modutil -dbdir /etc/pki/nssdb -list Listing of PKCS #11 Modules ----------------------------------------------------------- 1. NSS Internal PKCS #11 Module slots: 2 slots attached status: loaded slot: NSS Internal Cryptographic Services token: NSS Generic Crypto Services slot: NSS User Private Key and Certificate Services token: NSS Certificate DB 2. CoolKey PKCS #11 Module library name: libcoolkeypk11.so slots: 1 slot attached status: loaded slot: Gemalto PC Twin Reader 00 00 token: spice qe 3. p11-kit library name: /usr/lib64/pkcs11/p11-kit-trust.so slots: 2 slots attached status: loaded slot: /etc/pki/ca-trust/source token: System Trust slot: /usr/share/pki/ca-trust-source token: Default Trust ----------------------------------------------------------- </PRE> Module 2. is the one that provides my smartcard, "slot: Gemalto PC Twin Reader 00 00" is my physical card reader, . Coolkey is not however officially sanctioned in windows (although unofficial builds <A HREF="https://www.nabber.org/projects/coolkey/">exist</A>) so if you intend to use the card in Windows, you'll need a different middleware for it and possibly, you'll need to register it to nss by hand: <PRE> # modutil -dbdir /etc/pki/nssdb -add "some name for your pkcs#11 module" -libfile /usr/lib64/pkcs11/your_fancy_p11_library.so </PRE> once done, the "spice client" will pick up the card automatically and it will show up in the working card reader in Windows with no further configuration. Alternatively, if your card doesn't have linux drivers (or it needs to be formatted by some Windows tool to a format specific for that tool...), the option for you is to use USB redirection of the whole card reader: <IMG SRC="cid:1432043946.5405.57.camel@redhat.com" ALIGN="bottom" BORDER="0"> Then the card won't be obviously available in the client OS but that's kind of irrelevant if it's format need to be incompatible with the client OS anyway. Please note also that I had to stop and mask pcscd in the client system in order to make the reader redirect. Note also that you'll need the driver for the physical reader in the guest OS in this scenario (the Gemalto driver for my card reader was also available through Windows update). The card was not recognized in my case beacause it's CoolKey/RHCS-formatted which would need the driver linked above in Windows: <IMG SRC="cid:1432043946.5405.58.camel@redhat.com" ALIGN="bottom" BORDER="0"> HTH, David </BODY> </HTML>