Old October 1st, 2007   #1
psyopper
How To: Set up and use a DOD Common Access Card (CAC) for Army Knowledge Online (AKO)

With the growing usage of Ubuntu and the requirement in the US Army to use your Common Access Card (CAC) to log in to AKO there have been a lot of questions asked about getting these to work under Ubuntu.

Some caveats: Red Hat Fedora 6 supports the CAC on an out of the box installation. Ubuntu does not. There are several different tutorials on how to install a CAC reader and log in to AKO. It is a combination of these that this tutorial is built upon:

http://symbolik.wordpress.com/2007/0...ders-on-linux/
http://ubuntuforums.org/showthread.php?t=457084
On AKO there is also a thread easily found by searching "linux cac" in AKO Public.

Many thanks to MrFSL for finding the majority of the packages necessary.

Step 1 : Get a USB card reader

Specifically, you want to get the SCM Microsystems SCR331 Smart Card Reader. These can be had on eBay for about $20 to $35 (including shipping). There are several different part numbers for this card reader. One of them works right out of the box, the others require reflashing the BIOS.

PN: 904622 - this is the newer part number and does NOT need to be reflashed, it will work right out of the box.

All other part numbers PRIOR to 904622 WILL require reflashing the BIOS.

You may be able to contact the seller in advance of the sale and have them verify the part number if you don't want to reflash the BIOS. If you get a card reader that requires reflashing, visit this web site for instructions. You will need to reflash these readers in Windows.


Step 2 : Install the packages (Part 1)

Most of the packages are present in the Ubuntu repositories and can be installed by running the following command in a terminal window:

Code:
sudo apt-get install libusb-0.1-4 libpcsclite1 libpcsclite-dev pcscd pcsc-tools build-essential autoconf xlibs-dev libccid
Once they are installed you can plug in your card reader and test to see if it's working properly. It is NOT yet ready for logging in to AKO though so sit tight.

First we need to initialize PCSC to get the security system started:
Code:
sudo /etc/init.d/pcscd restart
Then we will see if it is actually reading your card (go ahead and insert your card in the card reader):
Code:
pcsc_scan
If it is reading your card correctly you should see something like this:
Code:
~$ pcsc_scan
PC/SC device scanner
V 1.4.8 (c) 2001-2006, Ludovic Rousseau <ludovic.rousseau@free.fr>
Compiled with PC/SC lite version: 1.3.2
Scanning present readers
0: SCM SCR 331 (21120717207407) 00 00

Mon Oct  1 11:52:50 2007
 Reader 0: SCM SCR 331 (21120717207407) 00 00
  Card state: Card inserted, 
  ATR: XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX 

ATR:  XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX 
+ TS = 3B --> Direct Convention
+ T0 = 6B, Y(1): 0110, K: 11 (historical bytes)
  TB(1) = 00 --> VPP is not electrically connected
  TC(1) = 00 --> Extra guard time: 0
+ Historical bytes: XX XX XX XX XX XX XX XX XX XX
  Category indicator byte: 80 (compact TLV data object)
    Tag: 6, len: 5 (pre-issuing data)
      Data: XX XX XX XX XX
    Tag: 8, len: 3 (status indicator)
      LCS (life card cycle): 00 (No information given)
      SW: 9000 (Normal processing.)

Possibly identified card (using /usr/share/pcsc/smartcard_list.txt):
 XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX 
        Gemplus GXP3 64V2N
        U.S. Department of Defense Common Access Card (DoD CAC)
Step 3 : Install the packages (Part 2)

There is one more package we need to install. Most of the tutorials out there have you installing Coolkey from source but that is not necessary and will alleviate some of the headaches for new Ubuntu/Linux users and possible dependency issues. Fortunately the good folks over at Debian (the big brother to Ubuntu) have Coolkey packaged for installation.

Download the coolkey package appropriate for your installation:

i386 for 32 bit Ubuntu

ia64 for 64 bit Ubuntu

For other versions of coolkey available, click here

All it takes is downloading the appropriate package, and once complete, opening the download and allowing GDebi Package Manager to install it for you.

Step 4 : Installing the authentication tool for Firefox

Next we need to set up Firefox to use your CAC/Reader as an authentication tool for websites. In Firefox go to:

Edit-> Preferences -> Advanced -> Encryption --


Click on the Security Devices button --


Click the Load button to load a new module. Name it CAC Module and either type in or browse to /usr/local/lib/pkcs11/libcoolkeypk11.so --


Click OK and the CAC Module should now appear on the left side of the screen, like in the screen shots above. If you insert your CAC it will show your name under the CAC Module, and if you click on it, it should appear in the right hand pane with more detail.

Step 5 : Installing the DOD Security Certificates

This is probably the easiest step of the bunch. And it's almost the last... Simply go to the following web site:

http://dodpki.c3pki.chamb.disa.mil/rootca.html

Once there click on each of the three links, you will need to install all three certificates to get AKO/CAC working correctly. On each link, when you click it, Firefox will prompt you to install the certificate. Click Yes to each one.

Step 6 : Log in to AKO/DKO

Go to https://www.us.army.mil and click the CAC login button. You will be prompted for your CAC password/PIN. This is the 6 - 12 digit pin they had you enter when you had your ID made. You may be prompted with "This site has requested that you identify yourself with a certificate". Verify that your name is highlighted and click OK. You may be prompted several times for this, just keep ensuring your name is selected and clicking OK.

Last edited by psyopper; October 1st, 2007 at 04:31 PM..
Old January 11th, 2008   #2
MrFSL

I mentioned this on another post but just wanted to update - the firmware is now flashable from Linux using the manufacturer's new utility:
http://www.scmmicro.com/security/vie...t_en.php?PID=2

As it is - you have to download the Windows firmware update to get the bin file first. You also must stop your pcscd service first:
Code:
sudo /etc/init.d/pcscd stop
After flash:
Code:
sudo /etc/init.d/pcscd start
Old January 20th, 2008   #3
jsh-hk

Thank you for this post. I had some issues at first getting my card to be properly read, but a restart, for whatever reason, seems to have fixed it. D'oh!

Also, good news for Gutsy users: Coolkey now appears to be in the Ubuntu repos, so no need to go grab the Debian package.

Thanks again!

Last edited by jsh-hk; January 20th, 2008 at 01:35 AM..
Old January 20th, 2008   #4
jsh-hk

Also, the Ubuntu community has released a guide:

https://help.ubuntu.com/community/CommonAccessCard
Old March 8th, 2008   #5
warpasylum

Thanks, I'm trying to make the complete switch from Windows to Linux and this will definitely help.
Old January 23rd, 2008   #6
joeprelude

It worked for a day then wouldn't work the next. I keep getting an error when trying to sign in, and tried to see if the system would read the card with the pcsc_scan command, and this is what the terminal said:

Code:
PC/SC device scanner
V 1.4.11 (c) 2001-2007, Ludovic Rousseau <ludovic.rousseau@free.fr>
Compiled with PC/SC lite version: 1.4.99
winscard_clnt.c:3471:SCardCheckDaemonAvailability( ) PCSC Not Running
SCardEstablishContext: Cannot Connect to Resource Manager: Service not available. (0x8010001D)

I have the latest Feisty.
Old January 23rd, 2008   #7
MrFSL

It looks like the server is not running. Try:

Code:
sudo /etc/init.d/pcscd restart
Old March 3rd, 2008   #8
joeprelude

Still getting that error. Also opened the Firefox preference to look at the module list and the one I loaded for the CAC is no longer on there, and it won't let me reload it.
Old March 3rd, 2008   #9
MrFSL

Quote:
also opened the Firefox preference to look at the module list and the one I loaded for the CAC is no longer on there. and it won't let me reload it
First things first - I would get your CAC card showing using pcsc_scan first - then worry about firefox.

If you have the appropriate hardware (**NOTE** - not all CAC card readers have shown to work in Linux) and you have followed the necessary steps to install and configure the appropriate software - then things should work.

I would retrace your steps from the top. Perhaps you overlooked something.

Sorry.
MrFSL is offline   Reply With Quote
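Added example, not part of any post in this thread: a shell helper that sorts `pcsc_scan` output into the cases the thread runs into (the Step 2 check in the how-to and the daemon error in post #6) and names the next step for each. The function names, verdict words and the `--live` flag are assumptions of this example, and the sample text is constructed from the output quoted above.

```shell
#!/bin/sh
# Added example (not from the thread): triage pcsc_scan output before touching Firefox.

# Reads pcsc_scan output on stdin and prints exactly one verdict word (names are this example's own).
classify_pcsc_scan() {
    out=$(cat)
    has() { printf '%s\n' "$out" | grep -Eq "$1"; }
    if has 'PCSC Not Running|Service not available'; then
        echo daemon-down        # the error text quoted in post #6
    elif ! has '^[[:space:]]*Reader [0-9]+:'; then
        echo no-reader          # daemon answered but listed no reader
    elif ! has 'Card state: Card inserted'; then
        echo no-card
    elif has 'Common Access Card'; then
        echo cac-identified     # ATR matched an entry in smartcard_list.txt
    else
        echo card-present       # a card is in, but not recognised as a CAC
    fi
}

# Maps a verdict to the next step suggested in the thread.
next_step() {
    case "$1" in
        daemon-down)    echo "restart the daemon: sudo /etc/init.d/pcscd restart" ;;
        no-reader)      echo "check the reader's part number and firmware (Step 1)" ;;
        no-card)        echo "insert the card and run pcsc_scan again" ;;
        card-present)   echo "card is read but not identified as a CAC" ;;
        cac-identified) echo "reader and card are fine; move on to the Firefox module" ;;
        *)              echo "unknown verdict: $1"; return 1 ;;
    esac
}

# Constructed samples, trimmed from the output quoted in posts #1 and #6.
SAMPLE_OK=' Reader 0: SCM SCR 331 (21120717207407) 00 00
  Card state: Card inserted, 
        U.S. Department of Defense Common Access Card (DoD CAC)'
SAMPLE_DOWN='winscard_clnt.c:3471:SCardCheckDaemonAvailability( ) PCSC Not Running
SCardEstablishContext: Cannot Connect to Resource Manager: Service not available. (0x8010001D)'

# Live use (--live is this example's flag): pcsc_scan keeps polling, so stop it after 5 s.
if [ "${1:-}" = "--live" ]; then
    verdict=$(timeout 5 pcsc_scan 2>&1 | classify_pcsc_scan)
    echo "$verdict: $(next_step "$verdict")"
fi
```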
Old March 3rd, 2008   #10
joeprelude

OK, I have P/N 904850,
scr3310 v2.0

Tried from the beginning but still not working.