Category Archives: Security

Linux smart card authentication – PAM

(This is part of my howto on smart card authentication in Linux.)

PAM (Pluggable Authentication Modules) is an authentication framework which uses modules to authenticate users using a wide variety of methods. A PKCS#11 PAM module exists, which allows us to use smart cards to authenticate against any service which uses PAM. The most obvious usage of PAM is system logins, either console or graphical, but a lot of other services, for example sudo, use it (you can have a look in /etc/pam.d to see all currently installed services which use PAM).


Linux smart card authentication – OpenSSL

(This is part of my howto on smart card authentication in Linux.)

You can use the private key stored on your card with OpenSSL, just like you would use an on-disk key. Among other things, you can sign files, decrypt files encrypted with your public key, or generate X.509 certificates for your key. Since this is not an OpenSSL guide, I will not describe those operations in detail; you can refer to the OpenSSL page in the Ubuntu Server Guide if you are not familiar with them. The syntax is the same (except for the necessary command flags to tell OpenSSL to use your smart card, see below).


Linux smart card authentication howto

This is something I posted on Ubuntu Forums a while ago. Since the tutorials section of UF is bound to disappear, I am reposting it here. I have only tested it on Ubuntu; it should work as is on Debian and other Debian-derivatives, and almost as-is on any modern Linux distribution.

Because your machine hosts extremely sensitive data (or, more probably, just for the geek factor) passwords sometimes just don’t cut it. Thanks to the OpenSC project, Linux users can also use smart cards in lieu of passwords to authenticate against various services, which, in addition to being immune to dictionary or brute force attacks, just looks way cooler. This guide will describe the steps needed to use smart cards for various authentication and encryption purposes. I’d like to thank UF user Berduchwal for starting work (and getting me interested in it) in this thread.
