Lippold, Aaron L CIV DISA PEO-GES wrote:
Question to the gallery:
I want to start writing a script to help with the user card reg and
account association. What's the correct place for a tool like this? The
ESC, a bash script, an addition to the firstboot tool set?
For a quick starter solution, how can I pull the CN from an inserted
card using bash, perl, awk, etc.?

If you check in the email I sent you (& Robert) '03/08/2007 09:51 AM' "Re: ssh
with CAC ... almost (UNCLASSIFIED)", in the cacreader_04_RH.tgz [aka
cacreader.txt] file you will find a program source file and a script to get
85% of what you need done, at least as an administrator of a network.
For me the account association should happen through the network managed
account info, i.e., NIS or LDAP, so the setup of a local machine should just
be to point it to the network source.
Mr. Schmidt and I don't have any problems with redistribution of that code, so
if you get it to the point you want to share it with others go ahead.
Other alternatives would include that the ssh-add (as produced by Alon
Bar-Lev) spits out the CN as part of the
`ssh-add --pkcs11-show-ids --pkcs11-provider /usr/lib/pkcs11/libcoolkeypk11.so`
call, and is not too difficult to parse from there.
I will try to get a Coolkey bug into the system in the next few days for the
fork problem listed by Alon; the other bug he lists is, I think, less
troublesome (at least when a particular CN will only appear on one physical
card) and more difficult to pin down the solution for.
Yet another solution might involve pkcs11-dump to get the info.
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
Coolkey-devel mailing list
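
An added example, not part of the original thread and not the cacreader code it mentions: a POSIX shell/awk function that pulls the CN out of a certificate subject DN string once some tool has printed it. The accepted DN layouts (comma-separated, slash-separated, optional "subject=" label) are assumptions about that tool's output, and the sample DNs are constructed.

```shell
#!/bin/sh
# extract_cn DN
# Prints the value of the first CN attribute in a subject DN and returns 0,
# or prints nothing and returns 1 when the DN has no CN.
# Assumed input layouts (not taken from any specific tool on this page):
#   CN=...,OU=...,O=...,C=US            comma-separated, "\," escapes a comma
#   subject= /C=US/O=.../CN=...         slash-separated, optional label
#   subject=C = US, O = ..., CN = ...   comma-separated with spaces around "="
extract_cn() {
    printf '%s\n' "$1" | awk '
    {
        dn = $0
        esc = "\001"                       # placeholder for escaped commas
        # Drop an optional "subject=" or "Subject:" label.
        sub(/^[ \t]*[Ss]ubject[ \t]*[=:][ \t]*/, "", dn)
        # A leading "/" means slash-separated RDNs, otherwise commas.
        sep = (substr(dn, 1, 1) == "/") ? "/" : ","
        # Hide "\," so a comma inside a value is not treated as a separator.
        gsub(/\\,/, esc, dn)
        n = split(dn, rdn, sep)
        for (i = 1; i <= n; i++) {
            s = rdn[i]
            gsub(/^[ \t]+|[ \t]+$/, "", s)
            # Anchored match so attributes that merely end in "CN" are skipped.
            if (s ~ /^[Cc][Nn][ \t]*=/) {
                sub(/^[^=]*=[ \t]*/, "", s)
                gsub(esc, ",", s)          # restore escaped commas
                print s
                found = 1
                exit
            }
        }
    }
    END { exit(found ? 0 : 1) }'
}

# Constructed sample DNs, for illustration only.
for dn in \
    'CN=DOE.JOHN.Q.1234567890,OU=USN,OU=PKI,OU=DoD,O=U.S. Government,C=US' \
    'subject= /C=US/O=U.S. Government/OU=DoD/OU=PKI/OU=USN/CN=DOE.JOHN.Q.1234567890' \
    'CN=Example\, Inc. Test Card,O=Example,C=US'
do
    cn=$(extract_cn "$dn") && printf 'CN: %s\n' "$cn"
done
```

The non-zero return on a DN without a CN lets a registration script refuse to create an account association instead of continuing with an empty name.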