Configure Smart Card Auth on Ubuntu 20.04 [Bit Goblin Wiki]

This page is read only. You can view the source, but not change it. Ask your administrator if you think this is wrong.

====== Configure Smart Card Auth on Ubuntu 20.04 ======

===== Install pre-requisite packages =====

<code>apt install -y opensc gdm3</code>

**Note:** Make sure to select GDM as the default display manager, since this does not yet work with LightDM.

===== Copy in PAM PKCS11 config =====

This assumes you have the pam_pkcs11.conf file in your home.

<code>cp ~/pam_pkcs11.conf /etc/pam_pkcs11/</code>

===== Setup CA Certs =====

<code>rmdir /etc/pam_pkcs11/cacerts</code>

<code>ln -s /usr/local/share/ca-certificates /etc/pam_pkcs11/cacerts</code>

<code>cd /etc/pam_pkcs11/cacerts; pkcs11_make_hash_link</code>

===== Configure PAM =====

We need to remove the pam_pkcs11 call from ''common-auth'' and add it to ''gdm-password'' so that SSH sessions can pass along without smartcard auth:

In ''/etc/pam.d/common-auth'' remove:

<code>auth    [success=2 default=0]    pam_pkcs11.so</code>

Add the following line to ''/etc/pam.d/gdm-password'' AFTER the ''@include common-auth'' line:

<code>auth    [success=ok default=bad]    pam_pkcs11.so</code>

===== Finishing Up =====

Reboot the system and test!