Configuring CAC Authentication

Updated 25 September 2013

Tested hardware:
Advanced Card Systems Ltd
Model ACR38
P/N ACR38U-I1
S/N RR100-182985

Tested software:
CentOS release 6.4 (Final)
Linux baystate 2.6.32-358.18.1.el6.i686 #1 SMP Wed Aug 28 14:27:42 UTC 2013 i686 i686 i386 GNU/Linux

1.  Install these packages as root. 
# yum -y install rdesktop pcsc-lite esc

[root@baystate: ~]# rpm -qa |grep rdesktop
rdesktop-1.6.0-10.el6.i686

[root@baystate: ~]# rpm -qa |grep pcsc | sort
pcsc-lite-1.5.2-13.el6_4.i686
pcsc-lite-libs-1.5.2-13.el6_4.i686
pcsc-lite-openct-0.6.19-4.el6.i686

[root@baystate: ~]# rpm -qa |grep esc
esc-1.1.0-25.el6.centos.1.i686

2.  Make sure pcscd is set to run on boot and that the service will start manually.
# chkconfig pcscd on
# service pcscd start

3.  Reboot the machine.  Upon logging back in, make sure pcscd is running.
# ps -ef |grep pcscd (should return running process)

4.  Connect the smart card reader to the Linux workstation, and insert smart card.  

5.  Start up the SC manager GUI.
From the RedHat menu, click Applications > System Tools > Smart Card Manager 

6.  Run rdesktop with the smart card option.  Customize geometry as appropriate.

# rdesktop -g 1024x720 -a 16 -d windomain -u first.last machinename.fqdn -r scard

6.  There should be one or two Smart Card Logon options in addition to the usual ncepad\<user> 
logon option.  You probably need to select the left-most or first of the Smart Card Logon 
options.  Once selected, verify the Smart card logon is for "<10 DIGITS>@mil" rather than the 
logon that looks like this "....OU=PKI, OU=DoD, O=U.S. Government, ...."

7.  Supply your CAC's PIN as you normally would.

8.  Remote desktop should begin.

Virtual Box USB Tips:
http://jaanus.com/how-to-get-a-usb-smart-card-reader-to-work-in-virtualbox-guest/