Find the answer to your Linux question:
Results 1 to 5 of 5
Hi, I'd like to setup Smartcard two factor authentication on my my laptop. I'd rather use a card than a usb token but am at a loss as to what ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    Aug 2008
    Posts
    16

    Smartcard two factor authentication


    Hi,

    I'd like to setup Smartcard two factor authentication on my my laptop. I'd rather use a card than a usb token but am at a loss as to what to buy. Any recommendations please on card reader/writer and card? Also any pointers on the software to use? For what its worth I'm running Ubuntu 9.10.

    Thanks in advance

  2. #2
    Linux Engineer RobinVossen's Avatar
    Join Date
    Aug 2007
    Location
    The Netherlands
    Posts
    1,429
    Well it doesn't really matter much what card to use.
    Just make sure the PAM-Module supports your reader. I myself got a ChipDrive from Towitoko and that works just great. Its just now really a good idea to use for your Laptop.

    Also, if you protect your system with a Smartcard remember the factor that if somebody steals your laptop they'll just take out the HardDrive.
    And if you have an encrypted harddrive (with eg TrueCrypt) you have to watchout for the EvilMaid

    I'd advice to just get a USB for this. Lets say an IronKey (I havn't used these yet) or a Challange / Response system for login next from the Password.

    Hope that helps.

    Cheers,
    Robin
    New Users, please read this..
    Google first, then ask..

  3. #3
    Just Joined!
    Join Date
    Aug 2008
    Posts
    16

    Question

    Thank you Robin, very useful information.

    Yeah the idea was two factor smartcard + encrypted volume. Hadn't heard of evilmaid before, just done some googling - very interesting.

    I would like a smartcard just so I can carry it in my wallet, rather than a usb on a keyring etc. How would I confirm that my PAM module supports a given reader pls? I/m using ubuntu 9.10.

    Also a silly question - a smartcard reader, does that have the ability to write to the card i.e. write key to the card or do you need a dedicated writer? For example the gemplus 430 I've seen referred to as a reader only, yet in other places its called a reader/writer.

    Thanks in advance.

  4. #4
    Linux Engineer RobinVossen's Avatar
    Join Date
    Aug 2007
    Location
    The Netherlands
    Posts
    1,429
    The reader writer thing I aint 100% sure about. Since well I just use a factor of my ATM Card I know for sure its Unique so =)

    And about the PAM Module well it depends which you use. I wrote my own as well I use a few factors from my ATM card and thus its Custom Software..
    Just google this and you'll figure it out. Also have a look at everything from opensc.


    Hope that helps.

    Cheers,
    Robin


    ps.
    As I am looking for a new reader myself (this thing is Serial) I googled youe GemPlus the first thing I noticed was: "GemPlus PC430 USB Smart Card Reader and Writer" so I think you can write with that too
    New Users, please read this..
    Google first, then ask..

  5. #5
    Just Joined!
    Join Date
    Aug 2008
    Posts
    16
    Great - thanks Robin.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •