Wednesday, October 7, 2015

CAC on Firefox using Ubuntu 15.04

After a couple of years away from CAC on Linux, it's time to revisit how to install a DOD CAC reader for Firefox under Ubuntu 15.10.

Very good instructions are on the Ubuntu Help pages. This guide clarifies a few vague elements, and reorganizes the information to help you troubleshoot.

There are five simple steps:
  • Get an appropriate card reader
  • Install the card reader software (pcscd)
  • Test the card, reader, and software
  • Install cackey
  • Install the DOD certs and point Firefox to the card reader

The Firefox extension requires cackey, cackey requires pcscd, and pcscd requires hardware to detect. We will follow best practice for Debian/Ubuntu and install the dependencies first, in the right order.


Get A Card Reader

There's nothing to add here. The Ubuntu Help page says it all.



Install Card Reader Software


sudo apt-get install pcscd pcsc-tools

The key software you need is the pcsc daemon (pcscd) and its libpcsclite1 dependency. pcsc-tools is handy for testing the connection in the next step.



Test the card reader and software


Insert your CAC card and run:

pcsc_scan

As shown in the Ubuntu Help page, pcsc_scan will clearly show you whether your card reader and card are detected.



Install cackey

The cackey library provides access to the cryptographic and certificate functions of the CAC card.

1) You need to know if your Ubuntu system is a 32-bit or 64-bit install. Don't trust a sticker or what you remember - checking takes but a moment:

uname -i

If the result is 'i386' or similar, you are running a 32-bit system. Look for a download labeled 'i386'.
If the result is 'x86_64' or similar, you are running a 64-bit system. Look for a download labeled 'amd64'.

2) There are two places to download the latest cackey package from:
https://software.forge.mil/sf/projects/community_cac (CAC required)
http://cackey.rkeene.org/fossil/home (non-CAC)

3) Download the latest cackey .deb package. Be sure to choose between 32/64 bit properly - the wrong package will happily install...but won't work.

4) Bug workaround for 64-bit only: Cackey tries to install to the /usr/lib64 directory, which probably doesn't exist on your system. Simply create it. This bug does not affect 32-bit users, who can safely ignore this entire paragraph.

5) Finally, install the downloaded cackey deb using the 'dpkg --install' command.


Example:
1) I'm running a 64-bit system.
3) I downloaded cackey_0.7.5-1_amd64.deb to my Downloads directory.
Then I installed the deb using:

sudo mkdir /usr/lib64        ## Step 4 - 64-bit bug workaround
sudo dpkg --install ~/Downloads/cackey_0.7.5-1_amd64.deb    ## Step 5
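
An added example, not part of the original post or the cackey project: a pre-install check for steps 1 through 5 that compares the architecture the downloaded .deb declares against the running system, so a wrong-architecture package is caught before dpkg installs it. It reads the machine type with `uname -m` rather than `uname -i` (an assumption made here), and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: pre-install check for a downloaded cackey .deb.
# Function names are hypothetical; nothing here comes from cackey itself.

# Map the machine type reported by uname to the label used in the download name.
deb_arch_for() {
    case "$1" in
        x86_64|amd64) echo amd64 ;;
        i?86)         echo i386 ;;
        *)            echo unknown ;;
    esac
}

# Architecture taken from a Debian-style file name: name_version_arch.deb
deb_filename_arch() {
    base=${1##*/}         # strip the directory part
    base=${base%.deb}     # strip the extension
    echo "${base##*_}"    # keep the text after the last underscore
}

# Architecture the package declares in its control data.
# Falls back to the file name when dpkg-deb or the file is not available.
deb_declared_arch() {
    if command -v dpkg-deb >/dev/null 2>&1 && [ -f "$1" ]; then
        dpkg-deb --field "$1" Architecture
    else
        deb_filename_arch "$1"
    fi
}

# check_cackey_deb FILE [MACHINE]
# Returns 0 when the package matches the system, 1 on a mismatch.
check_cackey_deb() {
    want=$(deb_arch_for "${2:-$(uname -m)}")
    have=$(deb_declared_arch "$1")
    if [ "$want" != "$have" ]; then
        echo "MISMATCH: system is $want, package is $have" >&2
        return 1
    fi
    if [ "$want" = amd64 ] && [ ! -d /usr/lib64 ]; then
        echo "NOTE: /usr/lib64 is missing; create it first (step 4)" >&2
    fi
    echo "OK: $1 matches $want"
}
```

Source the file, then run `check_cackey_deb ~/Downloads/cackey_0.7.5-1_amd64.deb` before the dpkg step; a non-zero exit means the download is for the other architecture.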



Install DOD Certificates and Point Firefox to the Card Reader

Happily, forge.mil has a Firefox add-on that does all this for you!

1) Simply download the latest 'dod_configuration-X.X.X.xpi' file from http://www.forge.mil/Resources-Firefox.html (non-CAC).

2) Quit Firefox

3) Double-click on the dod_configuration-X.X.X.xpi file you downloaded (it might be in your Downloads directory). Firefox will restart, and offer to install the add-on. Go ahead and install it.




Testing

Try your favorite CAC website (like AKO or OWA) and see if the site works, and if the site communicates properly with your card.

Be sure your USB card reader is snugly inserted, of course.

Start (or restart) Firefox after your CAC reader and card are inserted and recognized by the system. 
