Welcome to the VanDyke Software Forums

Join the discussion today!


Go Back   VanDyke Software Forums > SecureCRT on the Mac

Reply
 
Thread Tools Rate Thread Display Modes
  #1  
Old 04-18-2020, 02:24 AM
snazmeister snazmeister is offline
Registered User
 
Join Date: Apr 2020
Posts: 2
SecureCRT 8.7.1 & PIV

Recently upgraded to 8.7.1 whilst on Catalina 10.15.4.

I am now unable to use PIV on a Yubikey v.5 to access systems.

My settings are to use: /usr/lib/ssh-keychain.dylib or to use /usr/local/lib/opensc-pkcs11.so

Either way, both fail miserably. The opensc previously used to work until I upgraded the client (not the OS).

The error I receive is:

Could not load library '/usr/local/lib/opensc-pkcs11.so': dlopen(/usr/local/lib/opensc-pkcs11.so, 1): no suitable image found. Did find:
/usr/local/lib/opensc-pkcs11.so: code signature in (/usr/local/lib/opensc-pkcs11.so) not valid for use in process using Library Validation: mapped file has no cdhash, completely unsigned? Code has to be at least ad-hoc signed.
/usr/local/lib/opensc-pkcs11.so: stat() failed with errno=34

Now, when I use this on the terminal of my Mac using:

ssh -I /usr/local/lib/opensc-pkcs11.so <username>@<IP>

it simply works without any issue whatsoever and zero complaints of ad-hoc signing. It seems the client has an issue using it.

Any ideas on how I can bypass this error?
Reply With Quote
  #2  
Old 04-19-2020, 12:51 PM
bgagnon bgagnon is offline
VanDyke Technical Support
 
Join Date: Oct 2008
Posts: 4,308
Hi snazmeister,

Sure does sound like a bug.

What version of SecureCRT were you using prior to upgrading.
__________________
Thanks,
--Brenda

VanDyke Software
Technical Support
support@vandyke.com
(505) 332-5730
Reply With Quote
  #3  
Old 04-19-2020, 11:38 PM
snazmeister snazmeister is offline
Registered User
 
Join Date: Apr 2020
Posts: 2
Hi Brenda,

I moved from 8.5.x I don't recall exactly which version, but it was working like a dream. I then finally gave in to the push to upgrade and all is now broken.

Hopefully, you guys can get this fixed quickly.

Thanks

Matthew
Reply With Quote
  #4  
Old 04-20-2020, 09:58 AM
bgagnon bgagnon is offline
VanDyke Technical Support
 
Join Date: Oct 2008
Posts: 4,308
Hi Matthew,

I have submitted this behavior for investigation by the development team. Should progress be made toward a resolution, or further information be requested, I will post in this thread.

If you prefer direct e-mail notification, contact support@vandyke.com and include "Bug Report - Forum Thread #14149" in the subject line.
__________________
Thanks,
--Brenda

VanDyke Software
Technical Support
support@vandyke.com
(505) 332-5730
Reply With Quote
  #5  
Old 04-26-2020, 03:18 PM
decode.chr13 decode.chr13 is offline
Registered User
 
Join Date: Apr 2020
Posts: 6
SecureCRT 8.7.1 & PIV

I'm facing the same issue.
My solution was to downgrade to 8.5.4.

[The other issue posted is found in another thread.]

Last edited by bgagnon; 04-27-2020 at 10:37 AM.
Reply With Quote
  #6  
Old 05-07-2020, 07:54 AM
bgagnon bgagnon is offline
VanDyke Technical Support
 
Join Date: Oct 2008
Posts: 4,308
Hello,

This issue is resolved in a pre-release build. The fix will be included in v8.7.2, which is expected to be released in one week, on May 14. (Subject to change, of course.)

If you would like to get the pre-release build, please email support@vandyke.com with the email address associated with your download account and reference Forum Thread #14149 in the subject line.
__________________
Thanks,
--Brenda

VanDyke Software
Technical Support
support@vandyke.com
(505) 332-5730
Reply With Quote
  #7  
Old 05-08-2020, 12:18 AM
decode.chr13 decode.chr13 is offline
Registered User
 
Join Date: Apr 2020
Posts: 6
PIV / Get username from certificate

Hello,

I had the same problem with 8.7.1, so I downgraded to 8.5.4.

I 8.5.4 and probably also in 8.7.1 when you select "Get username from certificate" you get 2 options:
1) Common Name = this works correctly and takes the value from CN=
2) Principal Name = this value is NOT ok. It take the entire SubjectName, instead of the value of PrincipalName from subjectAltNames/Other Names.

Maybe you can include this fix too in 8.7.2.

Thanks
Reply With Quote
Reply

Tags
piv 8.7.1 mac


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes Rate This Thread
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -6. The time now is 12:21 AM.