Smart Card Functionality / CA Certificates

Here you can post about the issues related to modifications performed manually (not through the kiosk wizard). Example: swapped kernel, added 3rd party modules or files.
Please describe in detail what has been changed and hopefully other kiosk user will be able to help.
Porteus team wont resolve bugs posted in this category as we support only modifications made by the kiosk wizard.
Forum rules
Porteus Kiosk section of the forum is unmaintained now. Its kept in a 'read only' mode for archival purposes.
Please use the kiosk contact page for directing your queries: https://porteus-kiosk.org/contact.html
rndm50
Ronin
Ronin
Posts: 2
Joined: 21 Oct 2021, 09:36
Distribution: Porteus Kiosk 5.3

Smart Card Functionality / CA Certificates

Post#1 by rndm50 » 21 Oct 2021, 09:55

Hello,

I have waited as long as possible to make this post and tried scouring the forms and internet for possible solutions. I now am turning to the forum for help. I am trying to set up a Kiosk solution for our University and some websites that our students will need to visit require the use of Smart cards to log in. I first started off by getting the functionality working on my Ubuntu machine. I am able to use my smart card and reader and have uploaded all necessary CA certificates and I am able to access these sites.

My thought process was to take all the packages that were installed for my ubuntu, unpack the 003-settings.xzm file and place them in the relevant directories and then re-make the ISO. I did this and then upon making the ISO bootable off of USB, none of my initial configurations loaded (IE. network settings, homepage settings, bookmarks etc.) I then set about trying to find a completed module and just adding it to the xzm folder and remaking the ISO. I went with the xzm file from this post Module for Smart Card Athena .

I moved it to the xzm folder and created the new ISO and made it bootable for USB and then re-imaged. When I then tried to load this image, the system would not boot. I could see an error at the top stating something was not found in a certain directory. (Cant remember at the moment but if you need the error I can remake the ISO and try to start it back up) I am still not sure I moved over the certificates properly, the only thing I could find and try to do was to move my cert9.db file from my .mozilla/firefox folder and placed it into that unpacked 003-setting.xzm folder in the same directory.

Any help is appreciated and I know I am probably not understanding how to properly build my own xzm module but I have looked at many different guides and I am having no luck. I hope to hear from somebody, I just want Smart card functionality and to move over certain certificates :wall:

beny
Full of knowledge
Full of knowledge
Posts: 2086
Joined: 02 Jan 2011, 11:33
Location: italy

Smart Card Functionality / CA Certificates

Post#2 by beny » 21 Oct 2021, 19:30

hi this is the link for the last packages of pcsc-lite are 9 files: https://www.mediafire.com/folder/wsomfu ... /pcsc-lite work well on firefox:. settings privacy&security,certificates,security devices,you have to load the /usr/lib64/opensc-pkcs11.so, start the pcsc daemon and when you insert the smartcard you have a popup where you write the ca-certificate to log in.

rndm50
Ronin
Ronin
Posts: 2
Joined: 21 Oct 2021, 09:36
Distribution: Porteus Kiosk 5.3

Smart Card Functionality / CA Certificates

Post#3 by rndm50 » 22 Oct 2021, 11:34

Thanks for the reply beny,

I downloaded the files from the link you provided and placed them into my xzm folder. However, I guess I am a bit confused still with the security certificates and the opensc-pks11.so part. The opensc package that I used from my previous post does not work when placed in my xzm folder. Upon trying to boot, I receive an error in the top right stating /init: exec: line140: /sbin/switch_root: not found

So im assuming its something with the package I downloaded. I did find another opensc at https://github.com/OpenSC/OpenSC/releases but I am unsure how to turn the .tar.gz to a functioning xzm module.

Can you also explain to me how exactly I should load the opensc-pkcs11.so through the /usr/lib64? I mean I did get this working through my ubuntu and understand I had to start the daemon but how would I do this in the kiosk implementation? Is it something I would have to SSH into the machine and manually start this process each time the kiosk starts? Also, do you happen to know where I can place any certificates I downloaded so that firefox will pull them in when the kiosk starts? I thought moving my cert9.db from my ubuntu machine over to the /home/guest/.mozilla/firefox/[string].default file on the unpacked 003-settings.xzm would pull in what I need.

I apologize if some of this is basic and im not understanding but I am trying to get this going soon. Any help is appreciated!

beny
Full of knowledge
Full of knowledge
Posts: 2086
Joined: 02 Jan 2011, 11:33
Location: italy

Smart Card Functionality / CA Certificates

Post#4 by beny » 22 Oct 2021, 11:51

hi i suppose that you run a porteus version based on slackware but if i remember well kiosk is gentoo based so i think you have to search help at the maintainer of kiosk.. fanthom because the different packages system,but if you want to try porteus 5 the pcsc-lite work on ,sorry for the mistake.but if you want to try in firefox load the opensc-pks11 into the form security device load the path of the opensc file btw you have the smartcard reader connected to the computer after this step,on the left you have the device driver listed,start the....you have the rc.d directory? the pcsc daemon and insert the card into the smartcard reader.

Locked