retrosraka.blogg.se - Ubuntu google reader client

#UBUNTU GOOGLE READER CLIENT HOW TO#
#UBUNTU GOOGLE READER CLIENT INSTALL#
#UBUNTU GOOGLE READER CLIENT DRIVERS#

To validate the smart card certificates the pam_pkcs11 module needs to know the acceptable Certificate Authorities for signing user certificates and any available CRLs. Set pwent as the mapper in the pam_nf file by modifying the existing entry: use_mappers = pwent Next, it matches this result to the PAM login name to determine if a match was found or not. If either matches, the pw_name is returned as the login name.

This mapper uses the getpwent() system call to examine the pw_name and pw_gecos fields of every user for a match to the CN name. In other words, if the first defined mapper fails to map to a user on the system, the next one will be tried, and so on until a user is found.įor the purposes of this guide, we will use the pwent mapper. The different cert mappers may even be stacked. Each cert mapper uses specific information from the certificate to map to a user on the system. The pam_pkcs11 module provides a variety of cert mappers to do this. This PAM module allows certificates to be used for login, though our Linux system needs to know the username. Leave debug = true until everything is setup and is operating as desired. Module = /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so In particular it should contain the following lines in Ubuntu 20.04. The cert_policy option should include oscp as one of its certificate verification policies. The module option should contain the absolute path of the open-pkcs11.so on the system. $ sudo cp /usr/share/doc/libpam-pkcs11/examples/pam_ nfĬheck the module, cert_policy, and use_pkcs11_module options defined within the pkcs11_module opensc entry in the pam_nf file. Configure the pam_pkcs11 module $ cd /etc/pam_pkcs11 To enable that process we have to configure the pam_pkcs11 module and add the relevant certificate authorities, add pam_pkcs11 to PAM configuration and set the mapping of certificate names to logins. When enabled, the pam_pkcs11 login process is as follows: The module relies on a PKCS#11 library, such as opensc-pkcs11 to access the smart card for the credentials it will need. The pam_pkcs11 module allows PAM supported systems to use X.509 certificates to authenticate logins. USB smart cards like Yubikey embed the reader, and work like regular PIV cards.Įach smart card is expected to contain an X.509 certificate and the corresponding private key to be used for authentication.

#UBUNTU GOOGLE READER CLIENT INSTALL#

$ sudo apt install opensc-pkcs11 libpam-pkcs11 pcscdĪny PIV or CAC smart card with the corresponding reader should be sufficient.

libpam-pkcs11: contains the PAM module to allow X.509 certificate logins via smart cards.

opensc-pkcs11: contains the smart card drivers, such as PIV or CAC.

#UBUNTU GOOGLE READER CLIENT DRIVERS#

pcscd: contains the drivers needed to communicate with the CCID smart card readers.

The following packages must be installed to obtain a smart card configuration on Ubuntu.

#UBUNTU GOOGLE READER CLIENT HOW TO#

The following sections describe how to enable smart card authentication on Ubuntu. This provides a higher degree of security than single-factor authentication such as just using a password. To operate the owner must have the smart card and they must know the PIN to unlock the card. Multi-node Configuration with Docker-ComposeĪmong some of the popular uses for smart cards is the ability to control access to computer systems.