Todd Denniston wrote, On 01/15/2008 06:42 PM:
Lippold, Aaron L CIV DISA PEO-GES wrote, On 01/15/2008 06:09 PM:
Classification: UNCLASSIFIED Caveats: NONE
Hi,
Anyone have to quick how-to on number 3?
http://www.opensc-project.org/opensc/wiki/SecureShell
BAH!
I forgot, ssh working with pkcs11 was one of Alon's projects that is NOT
hosted at opensc...
http://alon.barlev.googlepages.com/open-source
I hope to, in my copious spare time, get around to testing 'Linux Disk
Encryption Integration'[3] and 'PKCS#11 Key Module for eCryptfs'[4], so we can
meet the requirements to encrypt our laptops and USB sticks, and I am
wondering if 'PKCS#11 Support in GnuPG' could be used to allow us to sign
rpm's that we send to the field so that warfighters could have some way to
verify that the CD they just got has legit rpm's (besides the sending address
on the mailer).
[3] http://wiki.tuxonice.net/EncryptedSwapAndRoot
[4] http://ecryptfs.sourceforge.net/
https://bugzilla.redhat.com/show_bug.cgi?id=186469
https://bugzilla.redhat.com/show_bug.cgi?id=186469#c8
I have built a set of patches to ssh to make it work in F8 too, but have
not yet put them up on BZ[1].
I don't remember which FC RHEL 5 is based on, but you should be able to
do one of the following...
1) use the src.rpm's and patches listed in the BZ, and do the build on
on RHEL. I expect it will probably work.
2) use the src.rpm's for RHEL 5.1, get the appropriate patches based on
links you find in the build script of that BZ, and build it on the
system. I expect it to work, but be a lot of work to achieve.
3) get RH to compile up the patches _they_ put in F8's openssh into RHEL
_and_ make them work. Good luck.
[1] I want to properly comment on RH's reinvention of the wheel[2]
before putting up a BZ of how to make it work with F8|Rawhide.
Unfortunately that takes time to write.
[2] not proper comment on the problem:
https://www.redhat.com/archives/fedora-list/2007-December/msg00569.html
https://www.redhat.com/archives/fedora-list/2007-December/msg00706.html
Aaron
-----Original Message-----
From: Mckenzie, Kenneth Mr CIV USA TRADOC
[mailto:kenneth.mckenzie@xxxxxxxxxxx] Sent: Friday, January 11, 2008
1:05 PM
To: Lippold, Aaron L CIV DISA PEO-GES
Subject: RE: Using CAC with RHEL SVR 5.1 (UNCLASSIFIED)
Importance: High
We have Dell Poweredge 4600 file server that is used has a software &
patch
repository.
System currently running REDHAT AS 4 Update 3.
Looking to upgrade system to REDHAT Enterprise Server 5 Update 1.
The intent is to have the system CAC compliant to Army standards.
With the below
1. Ability to have the system join our active directory domain. (For IAVA
SCANS)
2. Logon locally with CAC.
3. Access File share remotely via SSH/SCP by using SSO or CAC. Via our
https://nscops.leavenworth.army.mil
Any help/suggestion you have would be greatly appreciated.
Thanks!
V/R
Ken
Remember!
AMERICAN SOLDIERS!
They're The Reason We're Here!
Ken McKenzie
IT Specialist, NSC Ops
FT Leavenworth, KS
kenneth.mckenzie@xxxxxxxxxxxxxx
913-684-8397 DSN 552-8397
--
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
_______________________________________________
Coolkey-devel mailing list
Coolkey-devel@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/coolkey-devel
