Can you check the permissions of the pcscd socket?
Thank you, this led me to looking at the messages from the pcscd service and I saw it was generating some errors:
00000000 auth.c:137:IsClientAuthorized() Process 2441 (user: 1000) is NOT authorized for action: access_pcsc
00000474 winscard_svc.c:335:ContextThread() Rejected unauthorized PC/SC client
It looks like OpenSC for CentOS 8 comes with a POLKIT rule that only allows admins to access the service and the hsm. I was able to track down the rule and modify it so that it allows all users to access it.
/usr/share/polkit-1/actions/org.debian.pcsc-lite.policy
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE policyconfig PUBLIC
"-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
"http://www.freedesktop.org/standards/PolicyKit/1.0/policyconfig.dtd">
<policyconfig>
<vendor>The PCSC-lite Project</vendor>
<vendor_url>http://pcsclite.alioth.debian.org/</vendor_url>
<!-- <icon_name>smart-card</icon_name> -->
<action id="org.debian.pcsc-lite.access_pcsc">
<description>Access to the PC/SC daemon</description>
<message>Authentication is required to access the PC/SC daemon</message>
<defaults>
<allow_any>yes</allow_any>
<allow_inactive>auth_admin</allow_inactive>
<allow_active>yes</allow_active>
</defaults>
</action>
<action id="org.debian.pcsc-lite.access_card">
<description>Access to the smart card</description>
<message>Authentication is required to access the smart card</message>
<defaults>
<allow_any>yes</allow_any>
<allow_inactive>auth_admin</allow_inactive>
<allow_active>yes</allow_active>
</defaults>
</action>
</policyconfig>
Changing the allow_any to ‘yes’ for both sections resolved the issue.
Our Udev rules are here:
Thank you for the rules, those are much more complete than the ones I was generating!