wiki:linux:configure_smart_card_authentication_ubuntu

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision		 Previous revision
wiki:linux:configure_smart_card_authentication_ubuntu [2023/04/28 13:38] – removed - external edit (Unknown date) 127.0.0.1wiki:linux:configure_smart_card_authentication_ubuntu [2025/01/07 12:37] (current) – ↷ Page moved from wiki:linux:install_davinci_resolve:wiki:linux:configure_smart_card_authentication_ubuntu to wiki:linux:configure_smart_card_authentication_ubuntu Greg
Line 1: Line 1:
 +====== Configure Smart Card Auth on Ubuntu 20.04 ======
  
 +===== Install pre-requisite packages =====
 +
 +<code>apt install -y opensc gdm3</code>
 +
 +**Note:** Make sure to select GDM as the default display manager, since this does not yet work with LightDM.
 +
 +===== Copy in PAM PKCS11 config =====
 +
 +This assumes you have the pam_pkcs11.conf file in your home.
 +
 +<code>cp ~/pam_pkcs11.conf /etc/pam_pkcs11/</code>
 +
 +===== Setup CA Certs =====
 +
 +<code>rmdir /etc/pam_pkcs11/cacerts</code>
 +
 +<code>ln -s /usr/local/share/ca-certificates /etc/pam_pkcs11/cacerts</code>
 +
 +<code>cd /etc/pam_pkcs11/cacerts; pkcs11_make_hash_link</code>
 +
 +===== Configure PAM =====
 +
 +We need to remove the pam_pkcs11 call from ''common-auth'' and add it to ''gdm-password'' so that SSH sessions can pass along without smartcard auth:
 +
 +In ''/etc/pam.d/common-auth'' remove:
 +
 +<code>auth    [success=2 default=0]    pam_pkcs11.so</code>
 +
 +Add the following line to ''/etc/pam.d/gdm-password'' AFTER the ''@include common-auth'' line:
 +
 +<code>auth    [success=ok default=bad]    pam_pkcs11.so</code>
 +
 +===== Finishing Up =====
 +
 +Reboot the system and test!