Page 3 of 4 FirstFirst 1234 LastLast
Results 21 to 30 of 38

Thread: HOWTO: Smart Card authentication for logins, e-mail, TrueCrypt and more!

  1. #21
    Join Date
    Nov 2005
    Location
    Bordeaux, France
    Beans
    11,297
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: HOWTO: Smart Card authentication for logins, e-mail, TrueCrypt and more!

    Yeah, I forgot to mention libengine-pkcs11-openssl, fixed. And the scard group does not exist, fixed that too, I probably installed some other package that creates it when I wrote the guide. However, after installing libengine-pkcs11-openssl, I don't need to copy any files.
    「明後日の夕方には帰ってるからね。」


  2. #22
    Join Date
    Feb 2009
    Beans
    11

    Re: HOWTO: Smart Card authentication for logins, e-mail, TrueCrypt and more!

    ok, i carried on with first trying to get sudo work:

    Code:
    juzer@masodik:~$ sudo -i
    Please insert your Smart card or enter your username.
    Found the Smart card.
    Welcome juzer juzer (User PIN)!
    Smart card PIN: 
    ERROR:pam_pkcs11.c:537: no valid certificate which meets all requirements found
    [sudo] password for juzer:
    Code:
    pkcs11_inspect
    says:
    Code:
    Printing data for mapper pwent:
    juzer juzer

    i changed opensc.conf, and uncommented the
    Code:
    lock_login = false;
    line, but this does not make any difference. what next?

  3. #23
    Join Date
    Nov 2005
    Location
    Bordeaux, France
    Beans
    11,297
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: HOWTO: Smart Card authentication for logins, e-mail, TrueCrypt and more!

    Try increasing the debug value in opensc.conf, it should give a bit more info about what went wrong.
    「明後日の夕方には帰ってるからね。」


  4. #24
    Join Date
    Nov 2005
    Location
    Bordeaux, France
    Beans
    11,297
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: HOWTO: Smart Card authentication for logins, e-mail, TrueCrypt and more!

    Quote Originally Posted by stupid_for_a_file View Post
    Code:
    pkcs11_inspect
    says:
    Code:
    Printing data for mapper pwent:
    juzer juzer
    Double-check in /etc/passwd that this is actually what your real name field says, because for me, there were three commas added after it.
    「明後日の夕方には帰ってるからね。」


  5. #25
    Join Date
    Feb 2009
    Beans
    11

    Re: HOWTO: Smart Card authentication for logins, e-mail, TrueCrypt and more!

    this is it. /etc/passwd looks as follows:

    Code:
    juzer:x:1000:1000:juzer juzer,,,:/home/juzer:/bin/bash
    this i changed now to:

    Code:
    juzer:x:1000:1000:juzer juzer:/home/juzer:/bin/bash
    and it works. there are a few lines of error printed, but i got sudo.

    i will see now to get login working, and then to reconstruate all this on another clean system to make sure i can do it on my own.

    i also ordered now an expresscard reader to make all this more convenient.

    i am already very pleased with the result, and again thankful to you for working on this with me.

  6. #26
    Join Date
    Jul 2011
    Beans
    6

    Re: HOWTO: Smart Card authentication for logins, e-mail, TrueCrypt and more!

    hi,

    i am trying to authenticate wpa supplicant with smart card for the network access with my Free radius server. i would like to know the steps involved to install and configure with my ubuntu lucid machine. The card reader, am using is hardware Omnikey CardMan 3121 USB and the rsa card is OpenPGP Card v2.

    thanks in advance,

    cheers,
    D.
    Last edited by CharlesA; July 26th, 2011 at 02:35 PM. Reason: normalized font

  7. #27
    Join Date
    Nov 2005
    Location
    Bordeaux, France
    Beans
    11,297
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: HOWTO: Smart Card authentication for logins, e-mail, TrueCrypt and more!

    Quote Originally Posted by dhinu View Post
    hi,

    i am trying to authenticate wpa supplicant with smart card for the network access with my Free radius server. i would like to know the steps involved to install and configure with my ubuntu lucid machine. The card reader, am using is hardware Omnikey CardMan 3121 USB and the rsa card is OpenPGP Card v2.

    thanks in advance,

    cheers,
    D.
    This thread in general only deals with OpenSC and PKCS#11 cards, not OpenPGP cards. Also, I have not looked at Radius yet, but feel free to report if you find out how to make it work.
    「明後日の夕方には帰ってるからね。」


  8. #28
    Join Date
    Jul 2011
    Beans
    6

    Re: HOWTO: Smart Card authentication for logins, e-mail, TrueCrypt and more!

    hi,

    its me again, now am using Feitian PKI card. In my lucid machine i already installed openssl 1.0.0a to create certificates for EAP authentication methods and now the problem is, when i tried to load engine_pkcs11 to create and store client certificate in smartcard for smartcard authentication, i get the following errors even after installing necessary libraries like libengine_pkcs11-openssl,


    OpenSSL> engine dynamic -pre SO_PATH:/usr/lib/engines/engine_pkcs11.so -pre IDkcs11 -pre LIST_ADD:1 -pre LOAD -pre MODULE_PATH:/usr/lib/opensc-pkcs11.so
    (dynamic) Dynamic engine loading support
    [Success]: SO_PATH:/usr/lib/engines/engine_pkcs11.so
    [Success]: IDkcs11
    [Success]: LIST_ADD:1
    [Failure]: LOAD
    14248680:error:260B606D:engine routinesYNAMIC_LOAD:init failed:eng_dyn.c:521:
    [Failure]: MODULE_PATH:/usr/lib/opensc-pkcs11.so
    14248680:error:260AC089:engine routines:INT_CTRL_HELPER:invalid cmd name:eng_ctrl.c:134:
    14248680:error:260AB089:engine routines:ENGINE_ctrl_cmd_string:invalid cmd name:eng_ctrl.c:316:


    is that my openssl version is not supported by the pkcs engine..? how to come out of this....

    thanks in advance,
    D.

  9. #29
    Join Date
    Nov 2005
    Location
    Bordeaux, France
    Beans
    11,297
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: HOWTO: Smart Card authentication for logins, e-mail, TrueCrypt and more!

    I have not tried with OpenSSL 1.0.0. I will give it a try as soon as I can get my hands on my smartcard and tell you what I find.
    「明後日の夕方には帰ってるからね。」


  10. #30
    Join Date
    Jul 2011
    Beans
    6

    Re: HOWTO: Smart Card authentication for logins, e-mail, TrueCrypt and more!

    thanks, by the way i saw a rebuild version of engine_pkcs11 for openssl 1.0.0 in,

    https://launchpad.net/ubuntu/+source.../0.1.8-2build1

    does it make any sense to reinstall the libengine_pkcs11-openssl by this one...

    cheers,
    D.

Page 3 of 4 FirstFirst 1234 LastLast

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •