Todo #11933
closed
PC/SC Smart Card Daemon ``pcscd`` running on all devices at all times, should be optional
0%
Description
In 2.5.0/21.02 we added the pcscd service to builds for #9878 and it gets run at startup in all cases to handle certain cryptographic smart cards (e.g. PCKS#11). It consumes resources unnecessarily in the majority of cases where it is not needed. It should be made optional and disabled by default on new installations.
Related issues
Updated by Jim Pingle over 3 years ago
- Related to Bug #12095: Memory leak in pcscd added
Updated by Viktor Gurov over 3 years ago
Updated by Jim Pingle over 3 years ago
- Status changed from New to Pull Request Review
Updated by Renato Botelho over 3 years ago
- Status changed from Pull Request Review to Feedback
- Assignee set to Viktor Gurov
PR has been merged. Thanks!
Updated by Steve Wheeler over 3 years ago
This option should probably have a warning on it to let users know un-selecting it will restart all IPSec tunnels.
Updated by Viktor Gurov over 3 years ago
Steve Wheeler wrote in #note-5:
This option should probably have a warning on it to let users know un-selecting it will restart all IPSec tunnels.
Most of the IPsec Settings restarts all tunnels,
see `$needsrestart` in https://github.com/pfsense/pfsense/blob/master/src/usr/local/www/vpn_ipsec_settings.php
Updated by Jim Pingle over 3 years ago
- Status changed from Feedback to New
Tested this both on snapshots and on release systems with afcc0e9c97c1993ae6b95f886665fcb4375d26c7 applied via system patches package. The pcscd daemon is no longer running or configured which is great.
The pcscd service still shows up in the service list as stopped rather than being hidden when the option is disabled. We should probably hide when it's not needed that so it doesn't confuse users.
I have not tested PKCS#11 with the option enabled, however. Someone with the appropriate hardware and setup for that will also need to ensure it works before we close this.
Updated by Viktor Gurov over 3 years ago
hide pcscd from the service list if not enabled:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/304
Updated by Jim Pingle over 3 years ago
- Status changed from New to Pull Request Review
Updated by Jim Pingle about 3 years ago
- Status changed from Feedback to Resolved
Service is no longer running by default, service is not in the list when disabled.
Updated by Viktor Gurov about 3 years ago
- Related to Bug #12468: Stopping IPsec daemon on the Status / Services page lead to log files flooding if pcscd daemon is enabled added
Updated by Jim Pingle about 3 years ago
- Plus Target Version changed from 21.09 to 22.01