Fedora Core 6 has added smartcard support to their system configuration. At the moment only JavaCards and one fist smartcard (->http://directory.fedora.redhat.com/wiki/CoolKey) is supported out of the box. But chances are good, to twist everythings this way that Aladdin eToken will run, too.
Smartcard Configuration
Smartcard Logon
To enable all these nice features fedora core has added several patches to the original pam_pkcs11-0.5.3:
pam_pkcs11-0.5.3-wait-for-card.patch pam_pkcs11-0.5.3-setup-tool.patch pam_pkcs11-0.5.3-reject_unloaded_module.patch pam_pkcs11-0.5.3-putenv-login-token.patch pam_pkcs11-0.5.3-ocsp.patch pam_pkcs11-0.5.3-nss.patch pam_pkcs11-0.5.3-cardonly.patch
These patches use several NSS Certificate Functions i.e.
- to verify that only Email-Signing-Certificates can be used to authenticate with the eToken. Bad. Many existing tokens do not have these certificates! Reminds me, that you are only able to authenticate to a windows machine, using Windows-Logon-Certifcates...
- Moreover thinks like Online Certificate Status Protocol is added. That's fine.