How to query expiration date, and failed pin attempts.

[RidesTheShortBus]

I don't see where someone can query the expiration date of the CAC, it would be nice to be able to do that without downloading the DoD CRLs and searching for the Issuer and Serial Number of the CAC.

I have an expired CAC and C_Login() still lets me login.

Also, If I fail to login more than 3 times with an improper PIN, it will still let me login with the correct PIN. Most security practices require the CAC to be invalidated after 3 failed attempts. Is there a way to read and write the number of failed attempts to the CAC. So if I fail 3 times on my Linux machine, I can't just login to my Windows machine anymore either.

[kfogel]

Hi, @RidesTheShortBus. Although there's nothing wrong with filing the issue here, please be aware that this isn't really a development repository for CACKey. It's more just a place from which someone could clone the code using git.

It looks like CACKey is under active development at http://cackey.rkeene.org/, actually. (Which makes me wonder if the Conservatory should maintain a copy at all, hmm. But maybe we should, because I don't see any way to report issues at the CACKey upstream home site, and the version control system being used there is unusual too -- Fossil SCM, which looks interesting and is itself actively maintained, but as of right now is not widely used.)

Anyway, I digress. It's certainly fine to file an issue here -- that way at least there's a log of issues, something that doesn't seem to be available upstream. I just wanted to set expectations about the likelihood of a technical response here.

Best regards,
-Karl

[RidesTheShortBus]

Yep, I'm aware, and thanks for the response too.

The reason I posted it here was because I figured more people would see it, hoping that someone has come across the same questions I have. Or just hoping to find anyone whose actually attempted to use this code besides me.

Googling questions and only finding github source code and the guy's webpage as opposed to an answered stackoverflow question is pretty depressing.

[kfogel]

:-) Yeah -- there's some selection bias here, though: this might be a user base where most of their discussions don't appear on Stack Overflow!

[jbjonesjr]

Just to close the loop here as well, the project on forge.mil is not getting the updates from rkeene.org either. That seems to be the current home. I'll open a PR to update the readme. (and maybe 🔥 down all the files in this repo since it is being maintained?

this is an interesting situation cc/ @johnmod3

[johnmod3]

Yeah lots of projects on forge.mil are abandoned. Or open source code
posted from the outside world left to rot, with no one updating it
someone should develop a supply chain solution
:-)

---

John Scott
240.401.6574
< jms3rd@gmail.com >
http://powdermonkey.blogs.com
@johnmscott

On November 3, 2016 at 10:24:17 AM, Jamie Jones (notifications@github.com)
wrote:

Just to close the loop here as well, the project on forge.mil is not
getting the updates from rkeene.org either. That seems to be the current
home. I'll open a PR to update the readme. (and maybe 🔥 down all the files
in this repo since it is being maintained?

this is an interesting situation cc/ @johnmod3 https://github.com/johnmod3

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
#4 (comment),
or mute the thread
https://github.com/notifications/unsubscribe-auth/AAVH5jew1uw0Eh75jEFrkFfhzZQIeVsuks5q6gqxgaJpZM4KRBET
.

[jbjonesjr]

@johnmod3 I guess the question is if @rkeene is maintaining the code on his own VCS, does it still belong in the Conservatory?

[kfogel]

That's a good question, @jbjonesjr. I think it's a close call. We never considered the question of what to do if someone is maintaining a project in a VCS, but it's an unusual VCS that constitutes a small-but-noticeable obstacle to those who want to follow development (or fork, or contribute, etc) in a VCS-enabled way.

I guess the decisive factor here is that the upstream provides no way for users to register feedback. There's no bug tracker in which to file tickets; there's no way to submit a PR (or whatever the equivalent is in Fossil); there's no way to register an account so one can say something in the wiki, and as you can see only @rkeene makes edits in the wiki. That lack of feedback channels is unusual, and makes me think that retaining this copy in the Conservatory is useful, because it's pretty much the only place for people other than @rkeene to have conversations abotu CACKey right now. I don't know who's going to keep this copy up-to-date though :-(.