Red Hat / Fedora :: Smart Card Authentication In RHEL6?
Mar 2, 2011
I have recently installed RHEL6 BETA on my desktop. the login page is somewhat different from RHEL5.4. I can see 3 option
1) Log into session with smart card authentication
2) Log into session with fingreprint
3) Log into session with username & password.
By default only first option is active. If I press cancel, then only I can get the options for user & other.Then if I am selecting my user account and giving the password, nothing is coming. The screen is just flicking & coming back to original. No authentication failure can be seen.
View 1 Replies
ADVERTISEMENT
Feb 8, 2010
Something has gone awry with my login. After the usual username/password prompt my laptop comes up with smart card authentication & I can't login. How do I get away from the graphical login so I can login & correct the problem?
View 3 Replies
View Related
Dec 16, 2009
Our smart card readers stopped working with Firefox and Thunderbird after upgrading from Fedora 9 to 12. When I first opened it, Thunderbird warned that the "CAC Reader (DoD Configuration Extension)" is incompatible with the current version (3.0b4) and disabled the extention. Firefox (3.5.5) just doesn't work. The module listed in Mozilla Firefox/Thunderbird [Security Devices] was "/usr/lib64/pkcs11/libcoolkeypk11.so" which is still there. To get it working in Fedora 9 I was able to run an installer from [URL]. That was before my VeriSign software certificate expired.
Now I can't even connect to forge.mil because they require a PKI cert to connect. I'm wondering how they expect someone to get a driver for their CAC reader if they need a working CAC reader to get the driver - seems like a "Catch 22" situation. I also still have the rpm's that I downloaded before from software.forge.mil. I tried installing those but that didn't help.
mozilla-dod-configuration-1.0.2-0.noarch.rpm
firefox-mozilla-dod-configuration-1.0.2-0.noarch.rpm
thunderbird-mozilla-dod-configuration-1.0.2-0.noarch.rpm
Does anyone know if there is a later version of these RPM's or if there's another way to get our CAC readers working again with Firefox and Thunderbird?
Relevant Background Info:
Installed Packages:
ccid-1.3.9-2.fc12.x86_64
coolkey-1.1.0-11.fc12.x86_64
mozilla-dod-configuration-1.0.2-0.noarch
firefox-mozilla-dod-configuration-1.0.2-0.noarch
thunderbird-mozilla-dod-configuration-1.0.2-0.noarch
Could a renamed kernel module be part of the problem? What do you make of the following information?
Find library dependencies:
Code:
[root@inet3 ~]# ldd /usr/lib64/pcsc/drivers/ifd-ccid.bundle/Contents/Linux/libccid.so
linux-vdso.so.1 => (0x00007fff41bff000)
libusb-0.1.so.4 => /usr/lib64/libusb-0.1.so.4 (0x00007f52a37fd000)
libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f52a35e1000)
libc.so.6 => /lib64/libc.so.6 (0x00007f52a3268000)
/lib64/ld-linux-x86-64.so.2 (0x000000374b400000)
[root@inet3 ~]# locate linux-vdso.so
[root@inet3 ~]# locate vdso.so
/lib/modules/2.6.31.6-166.fc12.x86_64/vdso/vdso.so
[root@inet3 ~]#
##!!
There is no module named "linux-vdso.so". It looks like there was a name change that broke the libccid.so dependencies. I tried creating links within "/lib/modules/2.6.31.6-166.fc12.x86_64/" named linux-vdso.so pointing to vdso.so but it still isn't working. I've unloaded the module within Firefox (and Thunderbird) preferences within the [Security Devices] manager. Then tried adding it back using the [Load] button and specifying the coolkey library again but it's still not working.
View 12 Replies
View Related
Dec 17, 2010
Smart phone (MyTouch 3G) SD card is NOT being detected in Fedora 14 installed on Asus G73 JW-A1 laptop. Notes: SD Card, using the same cable, is detected just fine on Windows laptop and was detected on a desktop computer (that I no longer have access to) that was running Fedora 12.
View 2 Replies
View Related
Jun 10, 2009
Anyone running fedora 11 have any luck getting a smart card reader added as a security device under firefox?
Specifically from firefox: Edit-Preferences-Advanced-Encryption tab-Security_Devices-Load;
Enter arbitrary name and "/usr/lib64/libcoolkeypk11.so" as the module.
This worked fine in fedora10 and was the necessary step to getting a card reader to work with firefox. In fedora11 (with firefox beta) the browser just comes back with nothing, it doesn't even respond. Note I am familiar with the concept of pki and certificates as well as certutil, pkcs11_inspect, pklogin_finder, etc. Also note utlities like pkcs11_inspect and pklogin_finder and esc all work and communicate with the reader and read the contents of the card but smart card login configured via the authentication applet (as working in fedora 10) is not working either.
View 3 Replies
View Related
Mar 19, 2010
I've a smart card reader and a certificate (DNe). I'd like to use the certificate in the sc to login session (Opensuse 11.2 and Kubuntu 8.04).I've seen some modules (pam_pkcs11, pam_p11) but not able to configure them. Please, can any tell me what do I have to do for using my smart card to login KDE/Gnome Session?
View 2 Replies
View Related
Apr 2, 2009
In CentOS 5.3 there is a new "Smart Card Manager" window that pops up when I log in to KDE. Is there any way to disable it?
View 2 Replies
View Related
Dec 20, 2010
I am looking to install RHEL 6 over the network. I havent done any kind of installation before, so this is proving to be an uphill task ergoI just registered on this forum.I'll first let you know what i have:1. I have an RHEL 6 image on one machine and on the same machine I also have a DHCP server ( but am not sure if I have a TFTP server as well - anyway to check ?)What I need:
I need to install RHEL 6 on another machine using the image on the earlier mentioned machine. I have come across many links on my searches online which cover the theoritical aspects which mentions the use of "kickstart" file which once transfered to my client-machine has to be run to install RHEL on my client.. But my problem is, I am unable to find any place which gives a sequence of steps or commands to follow which will help me install this... Can you please guide on how i can go about this
View 2 Replies
View Related
Feb 4, 2011
1: Did chkconfig --level 12345 iptables off (and ip6tables too)
2: Did system-config-firewall and unclicked enable
3: Rebooted:
Dang the stuff is still there:
--
# /etc/init.d/iptables status
Table: mangle
Chain PREROUTING (policy ACCEPT)
[code].....
View 6 Replies
View Related
Jul 7, 2011
I am new to Linux platform and have installed RHEL 6 on my computer. I have gone through different posts on websites regarding how to mount windows drive on to the Linux file system.Here are few results of my trial where results are slightly overwhelming for a guy like me:
1. Mounting NTFS file system using mount commandAs a su-)
" $mount -t ntfs /dev/sda1 /media/MyFilesystem"
Output: error: unrecognised file system ntfs
2. I followed step by step instructions of installing Fuse and ntfs-3g_ntfsprogs but had no luck:
while using this command for the installation of for FUSE-0.9(which I guess prepares files for installation) I am getting this error :
" Command use: ./configure --exec-prefix=/; make;make install"
Error: "Checking Kernel source directory.../usr.src/kernels/2.6.32-71.e16.x86_64...Checking Kernel source version.......Not found "
Configure error: cannot determine the version of the Linux kernel source.Please configure the kernel before running this script.
Woooh , as u can see my Linux version is mentioned in that message so can anyone lemme know whether this issue is because of the incompatibility of Fuse with my version of Linux or am I suppose to make some changes in the command itself.
View 7 Replies
View Related
Jan 28, 2009
Now the file upload feature is working, I have added the correctly indented php file as an attachment on post no: 3. The attached php script will create any missing smart channel files from the equivalent yum repo files. Any new smart channel files will be placed in a /new-smart-channels subdir of the yum repos directory.
Installation
Copy the attached php CLI script below to a new file, called create-smart-channels.php.
Change the permissions to something like:
# chown root:root create-smart-channels.php
# chmod 755 create-smart-channels.php
Then place the script in the directory that contains your yum repo files, usually /etc/yum.repos.d/
If you have set any open_basedir restrictions in /etc/php.ini, you will also need to add '/etc/smart/channels/:' to the search paths to allow create-smart-channels.php to read the contents of the /etc/smart/channels/ directory.
Warning:
Do not allow php access to the whole of the /etc directory. This could be a security issue. Whatever access restrictions are set with open_basedir (if any), you should override these in your httpd.conf file, to restrict apache's php module to only allow access to php files under your apache's document root. To do this, use something like this in your httpd.conf file:
<Directory />
Options None
AllowOverride None
Order Deny,Allow
Deny from all
# these are the only directories which the apache PHP module can
# have access to. This setting overrides the settings in the
# global php.ini file, which applies to the CLI version of PHP .....
View 4 Replies
View Related
Dec 2, 2009
I have a problem with Elantech Smart Pad under F12 on ASUS N61 notebook. I could not find the driver, and it is not possible to set sensitivity or to turn it off. It is quite annoying.Does anybody knows how to turn it off, or configure it?
View 1 Replies
View Related
Jan 15, 2011
With the new changes to RHEL 6, and it being more inline with Fedora, how do you change the login screen background? I'm talking about the main login screen, not after you have logged in and need to change the desktop background. We use a custom background for machines in our lab, and need to implement this on 6.
View 1 Replies
View Related
Jul 10, 2011
I am using a wireless usb device to connect to my router and the make/model of the device is Edimax 7717Un. Drivers for Linux came with the CD and I tried to follow the Read me .sta but I cannot understand few things.
1 When I tried to compile the code by using $make command the code is getting compiled with some errors which are mentioned below:
_Linux_STA_V2.1.2.0/os/linux/../../os/linux/rt_linux.c:1508: error: 'struct net_device' has no member named 'open'
/root/Desktop/LIN_FILES/2009_0521_RT2870_Linux_STA_V2.1.2.0/os/linux/../../os/linux/rt_linux.c:1509: error: 'struct net_device' has no member named 'stop'
[Code].....
if there is way of installing the driver for my make and model in RHEL 6.0 or is there anything I can do( which I think would be slightly too much for me) in this circumstances. I am attaching README.STA and the MAKE file with this post .
View 1 Replies
View Related
Jan 25, 2011
Having a little issue with creating a login message banner in RHEL6 that uses two buttons. One for Accept which logs the user in. The second for Cancel which immediately logs the user out. I've modified the /etc/gdm/PostLogin/Default file to have the script, posted below, and it worked perfectly fine in RHEL5. But in 6, when you click Cancel, the user is still able to log in. It even states in the system logs that the user cancelled the login.As you can see, I have the script using the 9th field of the user's env to get the PID, and using the kill command to end the process, which should be logging the user out right away if they click the Cancel button. This works in 5 without issue (though I used -f5 in RHEL5, had to move it to -f9 for RHEL6).
View 4 Replies
View Related
Jan 21, 2010
I have a fedora 11 machine set up in a class room. Every time I plug the Smart Board in, the mouse jumps to the top left corner and every time I move the mouse it jumps back there again.As soon as I unplug the Smart Board the mouse goes back to normal.I have used the exact same Smart Board with a Fedora 10 machine without any problems.ideas on what could be causing this problem and how I could fix it
View 2 Replies
View Related
Mar 4, 2011
Just thought I'd ask on her which smart phones have the best native support in Fedora? I use F14 (I also use a debian spin-off called Mepis) I was thinking either a Nokia E7 or an HTC / Samsung with Android, but I'm not sure what's available for email synchronisation etc.
View 3 Replies
View Related
Jan 10, 2010
I want to configure SSH key-based authentication and SSH password Authentication in same machine for different user .
View 1 Replies
View Related
Mar 14, 2011
On Ubuntu server 10.10, with a relay smtp server with authentication via postfix; I keep getting 535: Incorrect authentication data. I'm sure my username and password is correct. Heres how I set up postfix: I created a file called smarthosts.conf in my /etc/postfix/ directory that contains the following:
[Code].....
my server uses plain text authentication on port 25. I would like to use security like SSL, but this particular server is unsecured.
View 9 Replies
View Related
Apr 1, 2016
If I am running a script, let's say a install script. Is there a way to make Su repeat authentication rather then just returning "Authentication failed" and continuing the script?
View 3 Replies
View Related
Jan 17, 2011
I need to make a choice on what authentication protocol I want to use for Authentication and Authorization. I was looking at Radius and then literature suggested that Diameter was a better protocol. Keep in mind I need this on a hetrogeneous setup ( linux & windows together). Diameter seemed like a good fit until I discovered that the open source code no longer seems to be maintained ( C/C++).
I was also looking at Kerberos as an option though there is alot overhead with the server. SSL/TLS or EAP? I am looking for simple but secure and am new at the security protocols.
View 2 Replies
View Related
Mar 12, 2010
I have a problem with ldap client authentication in ubuntu. I am using rhel5 as openldap server and I configured ubuntu as client, when I am trying to login the following message is coming."su: Authentication service cannot retrieve authentication info. Sorry"
But when I do search through "ldapsearch" command output is coming without any errors, Can anybody explain what would be problem.
View 1 Replies
View Related
May 27, 2011
I have a network and am using squid proxy with authentication I want to create another subnet without authentication.
View 1 Replies
View Related
Jul 21, 2010
I have an EeePC 4g netbook which only has a 4Gb hard drive and I thought I would like to install Fedora 13 on an 8 Gb SDHC card and use it to boot the netbook.
As neither the netbook nor I have an optical drive, I made a bootable USB memory stick using Unetbootin which boots the netbook and could be used like a live CD to install Fedora.
On booting with the live USB stick, with the blank SD card in place, and clicking on the install icon, the installation starts but then there are 2 problems; the first is that the installer appears to want to install to both the SD card and also the USB stick. There is a tick in the box beside the USB stick which I can't remove.
I decided to ignore that and put a tick in the box beside the SD card but when it got to the point where it creates partitions it said "Could not find enough free space for automatic partitioning. Please use another partitioning method"
Surely 8 GB is more than enough space for partitioning, so where am I going wrong and why does it want to install on the USB stick as well?
View 2 Replies
View Related
Dec 4, 2010
Just installed Fedora 14 from the Live CD i686 on my Dell Inspiron 1521. I can't connect to the SpeedTouch 585 on either wireless broadcom card or the wired Ethernet card.
I can connect to it from the same Laptop on the Vista which is on dual boot on the same laptop.
Further confusing is that I ran Fedora 14 and connected to another SpeedTouch today.
Already checked the Channel on the wireless nic and it's on the same one as the SpeedTouch.
View 6 Replies
View Related
Jun 20, 2011
i am using acer extensa 4620 laptop of 32bit architecture with core 2 duo processor and 1 gb ddr2.i have installed RHEL 6. i want to do practice on virtual machine for my rhce exam.due to 32bit architecture i am not able to use kvm one more problen,during installation of RHEL6 i cannot use "install or upgrade" option while booting dvd.after entering this opiton my screen goes blank nathing comes,but i am able to install usic "basic video driver option" same problem i face when i enter in rescue mode also..... nothing is displayed...the screen goes blank
View 2 Replies
View Related
Apr 22, 2011
Is it possible to install firefox 4 in RHEL6? I can't find a mirror for this package.
View 3 Replies
View Related
Apr 29, 2011
I compiled kernel-2.6.32-71.24.1 on 32-bit rhel6, but there is no kvm.ko. what if I want to use kvm on 32-bit rhel6.
Steps to Reproduce:
1. install kernel-2.6.32-71.24.1.el6.src.rpm
2. rpmbuild -ba kernel.spec
3. find /root/rpmbuild/BUILD/kernel-2.6.32-71.24.1.el6/linux-2.6.32-71.24.1.el6.i686/-name kvm.ko
Actual results:
not found kvm.ko
View 1 Replies
View Related
Aug 4, 2010
Are there shell versions that have a more intelligent tab completion? I'd like to be able to type cd foo-<TAB> Then it would show me the possible completions along with numbers that I can type to select one of them:
cd foo-<TAB>
(1) foo-bar1 (2) foo-bar2 (3) foo-bad
So, after <TAB> I would type 3 and it would take me to foo-bad. Alternatively, using the arrow keys instead of typing the number would be fine.
View 2 Replies
View Related
Jul 31, 2010
From time to time I have seen messages asking if their new device works on Ubuntu. This is to advise that I recently purchased a "Smart Webcam" brand inexpensive webcam at a local U.S. building products chain. Strange place to find such a thing but it was very low priced so I thought "why not give it a try". As it turned out, it works with my 10.04 install. Shows up ok on Ekiga and in gstreamer-properties in terminal. The video image quality is not as good as some but is suitable for casual use.
The microphone is brought out via a "Y" off the USB cable and ends in a 1/8" audio plug that will plug into a sound input port. I have not tried the mic but it should work. There is almost no documentation provided. Lastly, I have no connection with either the manufacture or the store. Just thought someone might be considering one of these and wondering it would work in Ubuntu. It does for me.
View 6 Replies
View Related
