Hi!
Whenever a user is using wget to fetch a webpage via https, I'll get in messages like this in /var/log/messages:
Code:
2017-09-21T10:54:35+02:00 ninja pcscd[2721]: 03445385 auth.c:137:IsClientAuthorized() Process 48952 (user: 48) is NOT authorized for action: access_pcsc
2017-09-21T10:54:35+02:00 ninja pcscd[2721]: 00000279 winscard_svc.c:335:ContextThread() Rejected unauthorized PC/SC client
This started after upgrading to F26 (or possibly F25 which was installed for a few days). I have no idea why wget (via one of the libraries involved) would try to access the smart card reader without the user telling it to. Even though it fails getting access to a reader (which I've currently got none), the https pages are received just fine.
curl works without triggering these kinds of messages.
Is there anything I could do to stop wget https requests from trying to access a smart card reader (unless told to)? I haven't changed any configuration for wget or the libs so they should be standard F26.
I did however add two polkit rules to grant everyone smart card access to stop the log messages:
Code:
# cat /usr/share/polkit-1/rules.d/org.debian.pcsc-lite.rules
polkit.addRule(function(action, subject) {
if (action.id == "org.debian.pcsc-lite.access_card" &&
action.lookup("reader") == 'name of reader' &&
subject.active ) {
return polkit.Result.YES;
}
});
polkit.addRule(function(action, subject) {
if (action.id == "org.debian.pcsc-lite.access_pcsc" &&
subject.active ) {
return polkit.Result.YES;
}
});
That stopped the log messages but I can't keep it like this if I decide to connect a smart card reader. Any ideas what to do to solve this properly?
Br,
Ted