Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in

  FAQ | Search | Memberlist | Usergroups | Statistics | Profile | Log in to check your private messages | Log in | Register

[Mini Howto] US DoD CAC
 View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Unsupported Software
View previous topic :: View next topic  
Author Message
wjholden
l33t
l33t


Joined: 01 Mar 2004
Posts: 818
Location: Honolulu, HI
PostPosted: Sat Apr 28, 2012 10:11 am    Post subject: [Mini Howto] US DoD CAC Reply with quote
Just sharing a few minor lessons learned getting a US DoD CAC to work with Gentoo/amd64/Firefox:
Code:
emerge pcsc-lite ccid
You'll need to add rc_hotplug="pcscd" to /etc/rc.conf, then
Code:
/etc/init.d/pcscd start
rc-update add pcscd default
Add app-crypt/coolkey to /etc/portage/package.unmask since it's ~amd64 masked at time of writing.
Code:
emerge --autounmask-write coolkey
etc-update
emerge coolkey
Open Firefox and create a security device under Edit > Preferences > Advanced > Encryption > Security Devices. Click "Load" and give it any name and specify /usr/lib/pkcs11/libcoolkeypk11.so as the module path.
You should be able to log into your CAC. If you get a weird "Status: Not Loaded" error you should restart your computer (I presume hotplug isn't correctly loaded).
I recommend you install DISA's Firefox Add-on. This will spare you the ordeal of .mil SSL certificates not validating. DISA's tool is not perfect but it helps.

Stay safe.
Back to top
View user's profile Send private message
wswartzendruber
Veteran
Veteran


Joined: 23 Mar 2004
Posts: 1197
Location: Jefferson, USA
PostPosted: Sat Apr 28, 2012 3:16 pm    Post subject: Reply with quote
Hey I still have my USMC CAC. Any chance I can put my own certificates on it?
Back to top
View user's profile Send private message
wjholden
l33t
l33t


Joined: 01 Mar 2004
Posts: 818
Location: Honolulu, HI
PostPosted: Mon Apr 30, 2012 8:26 am    Post subject: Reply with quote
wswartzendruber wrote:
Hey I still have my USMC CAC. Any chance I can put my own certificates on it?
Lol I wish, once a card is issued it ordinarily cannot be rewritten with new certificates.
Back to top
View user's profile Send private message
wswartzendruber
Veteran
Veteran


Joined: 23 Mar 2004
Posts: 1197
Location: Jefferson, USA
PostPosted: Mon Apr 30, 2012 2:03 pm    Post subject: Reply with quote
Rats! Well that explains why the certs expire when the card expires.
Back to top
View user's profile Send private message
bklive
n00b
n00b


Joined: 31 Dec 2011
Posts: 3
Location: Georgia
PostPosted: Tue May 08, 2012 11:09 pm    Post subject: Reply with quote
What about Chromium? The settings dialogues are unclear as to adding a security device
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Unsupported Software All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



 Links: forums.gentoo.org | www.gentoo.org | bugs.gentoo.org | wiki.gentoo.org | forum-mods@gentoo.org

Copyright 2001-2013 Gentoo Foundation, Inc. Designed by Kyle Manna © 2003; Style derived from original subSilver theme. | Hosting by Gossamer Threads Inc. © | Powered by phpBB 2.0.23-gentoo-p9 © 2001, 2002 phpBB Group