
Configure Smart Card Auth on Ubuntu 20.04

apt install -y opensc gdm3

Note: Make sure to select GDM as the default display manager, since this does not yet work with LightDM.

This assumes you have the pam_pkcs11.conf file in your home directory.

cp ~/pam_pkcs11.conf /etc/pam_pkcs11/
rmdir /etc/pam_pkcs11/cacerts
ln -s /usr/local/share/ca-certificates /etc/pam_pkcs11/cacerts
cd /etc/pam_pkcs11/cacerts && pkcs11_make_hash_link

We need to remove the pam_pkcs11 call from common-auth and add it to gdm-password so that SSH sessions can log in without smart card authentication:

In /etc/pam.d/common-auth remove:

auth    [success=2 default=0]    pam_pkcs11.so

Add the following line to /etc/pam.d/gdm-password AFTER the @include common-auth line:

auth    [success=ok default=bad]    pam_pkcs11.so
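
A check to run before rebooting, added here as an example and not part of the original page: it confirms that pam_pkcs11.so is no longer active in common-auth and that it sits after the @include common-auth line in gdm-password with the control flags given above. The function names are made up for this example; the default paths are the two files named on this page.

```shell
#!/bin/sh
# Added example (not from the original page). Helper names are hypothetical.

# Active (non-comment) lines of a PAM file that call pam_pkcs11.so, numbered.
pkcs11_lines() {
    grep -n 'pam_pkcs11\.so' "$1" 2>/dev/null | grep -Ev '^[0-9]+:[[:space:]]*#'
}

# Line number of the first active "@include common-auth"; empty if absent.
include_line() {
    grep -n -E '^[[:space:]]*@include[[:space:]]+common-auth' "$1" 2>/dev/null |
        head -n 1 | cut -d: -f1
}

# check_pam_pkcs11 [COMMON_AUTH] [GDM_PASSWORD]
# Returns 0 when the layout matches the steps above, 1 otherwise.
check_pam_pkcs11() {
    common=${1:-/etc/pam.d/common-auth}
    gdm=${2:-/etc/pam.d/gdm-password}
    rc=0

    # common-auth is shared with sshd, so the module must not be active there.
    if [ -n "$(pkcs11_lines "$common")" ]; then
        echo "FAIL: $common still calls pam_pkcs11.so"
        rc=1
    fi

    inc=$(include_line "$gdm") || inc=""
    mod=$(pkcs11_lines "$gdm" | head -n 1 | cut -d: -f1) || mod=""
    if [ -z "$mod" ]; then
        echo "FAIL: $gdm has no active pam_pkcs11.so line"
        rc=1
    elif [ -z "$inc" ] || [ "$mod" -le "$inc" ]; then
        echo "FAIL: pam_pkcs11.so (line $mod) is not after @include common-auth"
        rc=1
    elif ! pkcs11_lines "$gdm" | grep -Eq 'success=ok[[:space:]]+default=bad'; then
        echo "FAIL: pam_pkcs11.so line lacks [success=ok default=bad]"
        rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: pam_pkcs11.so is confined to gdm-password"
    return "$rc"
}

# Check the live files only when invoked with "run", e.g.: sh check.sh run
if [ "${1:-}" = "run" ]; then check_pam_pkcs11; fi
```

Keep a root shell or an SSH session open while testing, so a mistake in gdm-password can be reverted without a graphical login.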

Reboot the system and test!

  • Last modified: 2025/01/07 12:37
  • by Greg