smartcard user authentication
john wendel
jwendel10 at comcast.net
Sat Mar 27 23:07:38 UTC 2010
On 03/27/2010 02:56 PM, Leslie S Satenstein wrote:
>
> john wendel wrote:
> > Anyone know how to configure Fedora to use a smartcard for user
> > login/authentication?
> >
> > I know that pam has a smartcard module, but I have no idea how to use
> > it. Documentation on the web seems to be pretty old, probably obsolete.
> >
> > A pointer to a web site with working instructions would be much
> > appreciated. I can ditch my Windows box at work if I can get this
> working.
> >
> > Regards,
> >
> > John
> >
> Hi John,
>
> Could you tell us more about the smart card device? How is it hooked up
> to yur computer? Is it a part of the computer? More details would be
> helpful,
>
> -David
>
> PS: Maybe with what you learn in this experience, you could write an
> up-to-date guide.
>
>
> I know of two devices. A smart card reader and a USB plug in smart card
> device (www.spyrus.com or other vendor).
>
> You have to start the Fedora smart card driver, and then use the smart
> card interface software that comes with the card, or you have to write
> your own.
>
> The one I use is the USB device (with windows). An API was written to
> interface to the device. One has a protocol to respect. The actual
> communication with the card is via the Fedora interface.
>
>
> *------------------
>
> *
>
> Regards
>
> *
> Leslie
> *
> *Mr. Leslie Satenstein
> *
>
> <mailto:lsatenstein at yahoo.com>
> mailto leslies at itbms.biz
> www.itbms.biz
>
Thanks for the interest. Rick Stevens posted what looks to be the
cookbook solution to the problem, using the pam_pkcs11 software.
Googling for pam_pkcs11 points to a great website with lots of instructions.
The card reader I have is integrated into a Dell keyboard, with a USB
connection to the computer. Next week, I'll boot the box with a live cd
and run lsusb to get the details.
I intend to document the process (in great detail) as I go, and I'll
publish the results.
Regards,
John
More information about the users
mailing list