Christopher Juckins

SysAdmin Tips, Tricks and other Software Tools

User Tools

Site Tools


cac_authentication

This is an old revision of the document!


Configuring CAC Authentication

Updated 25 September 2013

Tested hardware:

Advanced Card Systems Ltd Model ACR38 P/N ACR38U-I1 S/N RR100-182985

Tested software:

CentOS release 6.4 (Final) Linux baystate 2.6.32-358.18.1.el6.i686 #1 SMP Wed Aug 28 14:27:42 UTC 2013 i686 i686 i386 GNU/Linux

1.  Install these packages as root. 
# yum -y install rdesktop pcsc-lite esc

[root@baystate: ~]# rpm -qa |grep rdesktop
rdesktop-1.6.0-10.el6.i686

[root@baystate: ~]# rpm -qa |grep pcsc | sort
pcsc-lite-1.5.2-13.el6_4.i686
pcsc-lite-libs-1.5.2-13.el6_4.i686
pcsc-lite-openct-0.6.19-4.el6.i686

[root@baystate: ~]# rpm -qa |grep esc
esc-1.1.0-25.el6.centos.1.i686

2.  Make sure pcscd is set to run on boot and that the service will start manually.
# chkconfig pcscd on
# service pcscd start

3.  Reboot the machine.  Upon logging back in, make sure pcscd is running.
# ps -ef |grep pcscd (should return running process)

4.  Connect the smart card reader to the Linux workstation, and insert smart card.  

5.  Start up the SC manager GUI.
From the RedHat menu, click Applications > System Tools > Smart Card Manager 

6.  Run rdesktop with the smart card option.  Feel free to customize the geometry to fit your screen at home, e.g. "-g 640x480", "-g 100%", "-f" (full screen):

# rdesktop -g 1024x720 -a 16 -d ncepad -u first.last opc-w-arcgis.ncepad.noaa.gov -r scard

6.  There should be one or two Smart Card Logon options in addition to the usual ncepad\<user> logon option.  You probably need to select the left-most or first of the Smart Card Logon options.  Once selected, verify the Smart card logon is for "<10 DIGITS>@mil" rather than the logon that looks like this "....OU=PKI, OU=DoD, O=U.S. Government, ...."

7.  Supply your CAC's PIN as you normally would.

8.  Remote desktop should begin.
cac_authentication.1380141600.txt.gz · Last modified: 2013/09/25 16:40 by juckins