Re: FW: Using CAC with RHEL SVR 5.1 (UNCLASSIFIED)


 



Since SSH supports RSA pubkey authentication, all you need is an SSH client that will talk to the card. You can use, frex, the ID cert public key in the server's authorized_keys file. SSH, Inc. provides a Windows client (SSH Tectia Client) that will do this. It will happily load ActivIdentity's PKCS#11 DLL.

You don't get revocation checking, and you need to update the account when the user gets a new card, but it's better than passwords.

FWIW, there have been pushes to include X.509 authentication in the SSH protocol, but last I checked there was only one unofficial set of patches against OpenSSH implementing only one proposed version. SSH, Inc. has done some work along these lines and included it in both the Tectia client and server products, but the cert->account mapping was kludgy IMHO and nothing made its way into the standard protocol.

-- Tim


On Jan 15, 2008, at 5:09 PM, Lippold, Aaron L CIV DISA PEO-GES wrote:

Classification:  UNCLASSIFIED
Caveats: NONE

Hi,

Anyone have a quick how-to on number 3?

Aaron

-----Original Message-----
From: Mckenzie, Kenneth Mr CIV USA TRADOC
[mailto:kenneth.mckenzie@xxxxxxxxxxx]
Sent: Friday, January 11, 2008 1:05 PM
To: Lippold, Aaron L CIV DISA PEO-GES
Subject: RE: Using CAC with RHEL SVR 5.1 (UNCLASSIFIED)
Importance: High

We have a Dell PowerEdge 4600 file server that is used as a software & patch
repository.

System currently running REDHAT AS 4 Update 3.

Looking to upgrade system to REDHAT Enterprise Server 5 Update 1.

The intent is to have the system CAC compliant to Army standards.

With the below

1. Ability to have the system join our active directory domain. (For IAVA
SCANS)
2. Logon locally with CAC.
3. Access File share remotely via SSH/SCP by using SSO or CAC. Via our
https://nscops.leavenworth.army.mil

Any help/suggestion you have would be greatly appreciated.

Thanks!


V/R

Ken

Remember!
AMERICAN SOLDIERS!
They're The Reason We're Here!

Ken McKenzie
IT Specialist, NSC Ops
FT Leavenworth, KS
kenneth.mckenzie@xxxxxxxxxxxxxx
913-684-8397 DSN 552-8397



-----Original Message-----
From: Lippold, Aaron L CIV DISA PEO-GES [mailto:Aaron.Lippold@xxxxxxxx]
Sent: Friday, January 11, 2008 10:11 AM
To: McKenzie, Kenneth A CIV USA TRADOC
Cc: Linuxcac-developers
Subject: RE: Using CAC with RHEL SVR 5.1 (UNCLASSIFIED)

Classification:  UNCLASSIFIED
Caveats: NONE

Hi,

Could you send an email outlining what you need to do? I also cc'd the
linuxcac-developers list here at DISA.

Thanks,

Aaron

-----Original Message-----
From: McKenzie, Kenneth A CIV USA TRADOC
[mailto:Kenneth.McKenzie@xxxxxxxxxxx]
Sent: Thursday, January 10, 2008 5:23 PM
To: Lippold, Aaron L CIV DISA PEO-GES
Cc: aaron.l.lippold@xxxxxxxxxxx
Subject: Using CAC with RHEL SVR 5.1
Importance: High

Sorry for the delay, I had an L in your name. Sending again.



Web SVR we spoke about.



https://nscops.leavenworth.army.mil/



V/R

Ken

Remember!
AMERICAN SOLDIERS!
They're The Reason We're Here!

Ken McKenzie
IT Specialist
National Simulation Center Ops
FT Leavenworth, KS
kenneth.mckenzie@xxxxxxxxxxxxxx
<mailto:kenneth.mckenzie@xxxxxxxxxxxxxx>
913-684-8397 DSN 552-8397



From: McKenzie, Kenneth A CIV USA TRADOC
Sent: Thursday, January 10, 2008 4:02 PM
To: 'aaronl.lippold@xxxxxxxx'
Subject: https://nscops.leavenworth.army.mil/
Importance: High



https://nscops.leavenworth.army.mil/

V/R

Ken

Remember!
AMERICAN SOLDIERS!
They're The Reason We're Here!

Ken McKenzie
IT Specialist, NSC Ops
FT Leavenworth, KS
kenneth.mckenzie@xxxxxxxxxxxxxx
<mailto:kenneth.mckenzie@xxxxxxxxxxxxxx>
913-684-8397 DSN 552-8397




Classification:  UNCLASSIFIED
Caveats: NONE

Classification:  UNCLASSIFIED
Caveats: NONE

_______________________________________________
Coolkey-devel mailing list
Coolkey-devel@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/coolkey-devel
