1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
|
The active ingredient in the cackey package is the file
/usr/lib/pkcs11/libcackey.so - which is a "PKCS #11 module".
Its usage depends on application to support it. It's similar in concept
to a PAM module or an NSS module.
Some applications it can be used with:
1. Firefox
2. Thunderbird
3. Chromium
4. OpenSSH
5. OpenConnect (VPN)
6. Kerberos
7. PAM (pam_pkcs11 module can load pkcs11 modules)
Loading the module will differ for each application. Here's how you do it
in current versions of Firefox on Linux:
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/PKCS11/Module_Installation
Chromium on Linux:
https://help.ubuntu.com/community/CommonAccessCard#Google_Chrome.2FChromium_Setup
OpenSSH is done by using either "ssh -I <module>" or (better) using an SSH
agent, for OpenSSH that would be done by using "ssh-add -s <module>".
OpenConnect is more complicated since it uses ilbp11.
Kerberos is done using PKINIT with a PKCS11 provider:
https://k5wiki.kerberos.org/wiki/Pkinit_configuration
http://web.mit.edu/Kerberos/krb5-1.9/krb5-1.9.1/doc/krb5-admin.html#pkinit-client-options
The pam_pkcs11 configuration is similarly complex, but targeted at PKCS#11.
|
