1. October 10, 2011

      Aladdin eToken on Ubuntu 11.10 (oneiric ocelot) amd64

      Update: In my mad rush to get everything working, I completely missed that 8.1 was released, which adds native 64-bitness. Apart from linking /usr/lib64/libeToken.so to /usr/lib/libeToken.so.8, there are no hacks required anymore! Yay!

      I’ve just installed the oneiric release candidate. And I like the changes. And I like that with a little tweaking, my eToken still works!

      I did a bare-metal install, as I’ve now upgraded to SSD. So, I’ve updated my tutorial to match.

      1. Install 11.10 amd64. Now, even though SAC amd64 is supposed to be amd64, they lied, and it ships with i386 binaries that just happen to work on amd64. So you’ll need to prep your x86_64 system with i386 goodness, by using: [code]sudo apt-get install ia32-libs libhal1 opensc pcscd[/code]

        • Note that I said libhal1, in DIRECT CONTRADICTION to SafeNet’s user guide. if you don’t, you’ll see things pop up in /var/log/syslog like [code]pcscd: dyn_unix.c:37:DYN_LoadLibrary() /usr/lib/pcsc/drivers/aks-ifdh.bundle/Contents/Linux/libAksIfdh.so: libhal.so.1: cannot open shared object file: No such file or directory[/code]
      2. You’ll need the 32-bit libpcsclite1 and libhal1. Simply run:
        [code]
        wget http://archive.ubuntu.com/ubuntu/pool/main/p/pcsc-lite/libpcsclite1_1.7.2-2ubuntu2_i386.deb
        wget http://archive.ubuntu.com/ubuntu/pool/main/h/hal/libhal1_0.5.14-0ubuntu6_i386.deb
        dpkg -x libpcsclite1_1.7.2-2ubuntu2_i386.deb libpcsclite1-i386
        dpkg -x libhal1_0.5.14-0ubuntu6_i386.deb libhal1-i386
        sudo cp libpcsclite1-i386/lib/libpcsclite.so.1.0.0 /lib32
        sudo cp libhal1-i386/usr/lib/libhal.so.1.0.0 /usr/lib32
        sudo ln -s /usr/lib32/libhal.so.1.0.0 /usr/lib32/libhal.so.1
        sudo ln -s /lib32/libpcsclite.so.1.0.0 /lib32/libpcsclite.so.1
        [/code]
      3. Download the SafeNet Authentication Client for Linux 8.0. In theory you should have a support agreement with SafeNet to download this, but you CAN find it on Google, including from SafeNet themselves (hint: try SAC instead of the full spelling). Install it with [code]dpkg -i SafenetAuthenticationClient-8.0.5-0_amd64.deb[/code]

      Note: if you’ve got this working before, you’ll notice that in 11.10 they’ve moved from /usr/lib being a link of /usr/lib64 to being it’s own directory; the result being the new location of /usr/lib64/libeTPkcs11.so for your PKCS11 applications.

      So there you go. If you add the /usr/lib64/libeTPkcs11.so to Firefox and Thunderbird, you should see your certificates. If you run PKIMonitor, you should be able to modify your eToken.

      For a quick verification, run [code]pkcs11-tool --module /usr/lib64/libeTPkcs11.so -L[/code], and you should see your eToken.

    2. July 8, 2011

      Aladdin eToken on Ubuntu 11.04 (natty narwhal) amd64

      Update: this has been updated for 11.10, check it out here.

      This is more complicated than it should be, for no real reason. I like my eToken, and have been trying for a good year to get it working on 64-bit Linux. Today, I sat down, started from scratch, and nutted it out. The following 3-step procedure should be all that’s needed to get it working.

      1. Install 11.04 amd64. Now, even though SAC amd64 is supposed to be amd64, they lied, and it ships with i386 binaries that just happen to work on amd64. So you’ll need to prep your x86_64 system with i386 goodness, by using: [code]sudo apt-get install ia32-libs libhal1 opensc pcscd[/code]

        • Note that I said libhal1, in DIRECT CONTRADICTION to SafeNet’s user guide. if you don’t, you’ll see things pop up in /var/log/syslog like [code]pcscd: dyn_unix.c:37:DYN_LoadLibrary() /usr/lib/pcsc/drivers/aks-ifdh.bundle/Contents/Linux/libAksIfdh.so: libhal.so.1: cannot open shared object file: No such file or directory[/code]
      2. Download the SafeNet Authentication Client for Linux 8.0. In theory you should have a support agreement with SafeNet to download this, but you CAN find it on Google, including from SafeNet themselves (hint: try SAC instead of the full spelling). Install it with [code]dpkg -i SafenetAuthenticationClient-8.0.5-0_amd64.deb[/code]
      3. Finally, you’ll need the 32-bit libpcsclite1. Simply run:
        [code]
        wget http://archive.ubuntu.com/ubuntu/pool/main/p/pcsc-lite/libpcsclite1_1.7.2-2ubuntu2_i386.deb
        dpkg -x libpcsclite1_1.7.2-2ubuntu2_i386.deb libpcsclite1-i386
        sudo cp libpcsclite1-i386/lib/* /lib32
        [/code]

      So there you go. If you add the /usr/lib/libeTPkcs11.so to Firefox and Thunderbird, you should see your certificates. If you run PKIMonitor, you should be able to modify your eToken.

      For a quick verification, run [code]pkcs11-tool --module /usr/lib/libeTPkcs11.so -L[/code], and you should see your eToken.

      Also, good-bye Windows XP. This was the last thing preventing me from using Ubuntu on a daily basis, and now you’ve been completely replaced.

    3. June 21, 2011

      KVM virtual console to physical TTY

      This took me longer than it should’ve to figure out… I wanted to take the virtual console (pts) from a KVM virtual machine, and map it to a physical tty, so that I could login to my virtual machine from the physical keyboard, without having to login to the virtual host itself. This can be done with a simple one-liner:

      screen /dev/pts/1 > /dev/tty9 < /dev/tty9 &

      Add that to /etc/rc.d/rc.local to start on system startup (hopefully after the VM has started), and I'm all set!