openct-0.6.20-2.fc15.i686.rpm

<html xmlns="http://www.w3.org/1999/xhtml" xmlns:html="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>
      RemoteAccess – OpenCT
    </title><style type="text/css">
           @import url(trac.css);
          </style></head><body><div id="content" class="wiki">
      <div class="wikipage searchable">
        
          <h1 id="RemoteAccesstosmartcardreaders">Remote Access to smart card readers</h1>
<p>
NOTE: This page is completely untested.
</p>
<p>
OpenCT includes a very simple facility to access smart card readers
on a remote system. Please note that this facility has no security
mechanisms of its own. Therefore, use it only on trusted networks,
or add a security wrapper such as openssl.
</p>
<p>
The setup needs to be done on two machines: the machine with the reader,
and the machine with the software that wants to access the reader. We will
call these machines "mwr" and "mws" in this example.
</p>
<p>
On the machine with the reader, add the reader to openct.conf as usual.
Here is an example for a serial reader:
</p>
<pre class="wiki" xml:space="preserve">reader xiring {
        driver = xiring;
        device = serial:/dev/ttyS0;
};
</pre><p>
In addition to that you need to start ifdproxy on the machine with the
reader, and point the proxy to the machine with the software:
</p>
<pre class="wiki" xml:space="preserve">root@mwr# ifdproxy export xiring /dev/ttyS0 mws:6666
</pre><p>
On the machine with the software, you need to edit openct.conf like this:
</p>
<pre class="wiki" xml:space="preserve">
ifdhandler = /usr/sbin/ifdhandler;
ifdproxy {
        server-port     = /var/run/openct/proxy,
        device-port     = :6666;
};
reader xiring {
        driver = xiring;
        device = remote:serial1@/var/run/openct/proxy;
};
</pre><p>
Then start openct via the init.d script as normal, and start the ifdproxy server:
</p>
<pre class="wiki" xml:space="preserve">root@mws# /etc/init.d/openct start
root@mws# ifdproxy server
</pre><p>
Now you should be able to see the remote reader using the ifdproxy list command:
</p>
<pre class="wiki" xml:space="preserve">root@mws# ifdproxy list
Exported devices
  serial1          MachineB's_IP                 xiring
</pre><h2 id="Addingsecurity">Adding security</h2>
<p>
As discussed, the setup above is completely insecure. It can be improved
with the openssl commands:
</p>
<p>
TODO
</p>
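<p>
Until a wrapper is in place, it helps to know which machines carry this configuration. The script below is an added example, not part of OpenCT or of the original page: it parses an openct.conf and reports the ifdproxy listener and any reader reached through it. It assumes that device-port takes a host:port value and that a loopback host there restricts the listener to the local machine; the sample input is the "mws" configuration shown above.
</p>

```python
import re

# Constructed sample: the "mws" openct.conf from this page.
SAMPLE_CONF = """
ifdhandler = /usr/sbin/ifdhandler;
ifdproxy {
        server-port     = /var/run/openct/proxy,
        device-port     = :6666;
};
reader xiring {
        driver = xiring;
        device = remote:serial1@/var/run/openct/proxy;
};
"""

LOOPBACK = {"127.0.0.1", "::1", "localhost"}
BLOCK_RE = re.compile(r"(\w+)(?:[ \t]+([\w-]+))?\s*\{(.*?)\}\s*;", re.S)
ITEM_RE = re.compile(r"([\w-]+)\s*=\s*([^,;\s]+)\s*[,;]")

def parse_blocks(text):
    """Return [(kind, name, {key: value})] for each 'kind [name] { ... };' block."""
    text = re.sub(r"#[^\n]*", "", text)  # drop '#' comments
    return [(kind, name, dict(ITEM_RE.findall(body)))
            for kind, name, body in BLOCK_RE.findall(text)]

def audit(text):
    """List settings that carry the unprotected proxy protocol over the network."""
    findings = []
    for kind, name, items in parse_blocks(text):
        port = items.get("device-port", "")
        # Assumption: a TCP device-port is written host:port; a path is a local socket.
        if kind == "ifdproxy" and ":" in port and not port.startswith("/"):
            host = port.rsplit(":", 1)[0].strip("[]")
            if host not in LOOPBACK:
                findings.append(f"ifdproxy device-port {port} is not restricted to loopback")
        if kind == "reader" and items.get("device", "").startswith("remote:"):
            findings.append(f"reader {name} is served through ifdproxy: {items['device']}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print("WARN:", finding)
```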

        
        
      </div>
    </div></body></html>