- (djm) More makefile infrastructre for smartcard support, also based

   on Ben's work

diff --git a/ChangeLog b/ChangeLog
index c1393fc41433c6a3689f35e916821925fd57c669..bed2d99923f46b25c717d772d82a4b24c636582b 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -2,6 +2,8 @@
  - (djm) Configure support for smartcards. Based on Ben's work.
  - (djm) Revert setgroups call, it causes problems on OS-X
  - (djm) Avoid warning on BSDgetopt
+ - (djm) More makefile infrastructre for smartcard support, also based
+   on Ben's work
 
 20010917
  - (djm) x11-ssh-askpass-1.2.4 in RPM spec, revert workarounds

diff --git a/Makefile.in b/Makefile.in
index edc9694351cc5b4d5ad3014b6ba00c9e35f7710e..d265918d16a8014b09884cbb21ba9951eb69c4c5 100644 (file)
--- a/Makefile.in
+++ b/Makefile.in
@@ -5,6 +5,7 @@ exec_prefix=@exec_prefix@
 bindir=@bindir@
 sbindir=@sbindir@
 libexecdir=@libexecdir@
+datadir=@datadir@
 mandir=@mandir@
 mansubdir=@mansubdir@
 sysconfdir=@sysconfdir@
@@ -149,6 +150,7 @@ distclean:
        rm -f *.out core
        rm -f Makefile config.h config.status ssh_prng_cmds *~
        (cd openbsd-compat; $(MAKE) distclean)
+       (cd scard; $(MAKE) distclean)
 
 veryclean:
        rm -f configure config.h.in *.0
@@ -169,14 +171,19 @@ catman-do:
 
 distprep: catman-do
        autoreconf
+       (cd scard ; $(MAKE) -f Makefile.in distprep)
 
 install: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files host-key
 install-nokeys: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files
 
-install-files:
+scard-install:
+       (cd scard; $(MAKE) DESTDIR=$(DESTDIR) install)
+
+install-files: scard-install
        $(srcdir)/mkinstalldirs $(DESTDIR)$(bindir)
        $(srcdir)/mkinstalldirs $(DESTDIR)$(sbindir)
        $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)
+       $(srcdir)/mkinstalldirs $(DESTDIR)$(datadir)
        $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)1
        $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)8
        $(srcdir)/mkinstalldirs $(DESTDIR)$(libexecdir)

diff --git a/README.smartcard b/README.smartcard
new file mode 100644 (file)
index 0000000..499dc8e
--- /dev/null
+++ b/README.smartcard
@@ -0,0 +1,69 @@
+How to use smartcards with OpenSSH?
+
+OpenSSH contains experimental support for authentication using
+Cyberflex smartcards and TODOS card readers. To enable this you
+need to:
+
+(1) install sectok
+
+       $ cd /usr/src/lib/libsectok
+       $ make obj depend all install includes
+       $ cd /usr/src/usr.bin/sectok
+       $ make obj depend all install
+
+(2) enable SMARTCARD support in OpenSSH:
+
+       $ vi /usr/src/usr.bin/ssh/Makefile.inc
+       and uncomment
+               CFLAGS+=        -DSMARTCARD
+               LDADD+= -lsectok
+
+(3) load the Java Cardlet to the Cyberflex card:
+
+       $ sectok
+       sectok> login -d
+       sectok> jload /usr/libdata/ssh/Ssh.bin
+       sectok> quit
+
+(4) load a RSA key to the card:
+
+       please don't use your production RSA keys, since
+       with the current version of sectok/ssh-keygen
+       the private key file is still readable
+
+       $ ssh-keygen -f /path/to/rsakey -U 1
+       (where 1 is the reader number, you can also try 0)
+
+       In spite of the name, this does not generate a key.
+       It just loads an already existing key on to the card.
+
+(5) optional:
+
+       Change the card password so that only you can
+       read the private key:
+
+       $ sectok
+       sectok> login -d
+       sectok> setpass
+       sectok> quit
+
+       This prevents reading the key but not use of the
+       key by the card applet.
+
+       Do not forget the passphrase.  There is no way to
+       recover if you do.
+
+       IMPORTANT WARNING: If you attempt to login with the
+       wrong passphrase three times in a row, you will
+       destroy your card.
+
+(6) tell the ssh client to use the card reader:
+
+       $ ssh -I 1 otherhost
+
+(7) or tell the agent (don't forget to restart) to use the smartcard:
+
+       $ ssh-add -s 1
+
+-markus,
+Tue Jul 17 23:54:51 CEST 2001

diff --git a/configure.in b/configure.in
index 4cca5d57591c32d38d424a1677a3fc1da130044b..2a0b69ac4dcfd6dc157ee7b02e4bbe3930a0f339 100644 (file)
--- a/configure.in
+++ b/configure.in
@@ -2058,7 +2058,7 @@ fi
 
 AC_EXEEXT
 
-AC_OUTPUT(Makefile openbsd-compat/Makefile ssh_prng_cmds)
+AC_OUTPUT(Makefile openbsd-compat/Makefile scard/Makefile ssh_prng_cmds)
 
 # Print summary of options
 

diff --git a/scard/Makefile.in b/scard/Makefile.in
new file mode 100644 (file)
index 0000000..b01c2cb
--- /dev/null
+++ b/scard/Makefile.in
@@ -0,0 +1,27 @@
+# $Id$
+
+prefix=@prefix@
+datadir=@datadir@
+srcdir=@srcdir@
+top_srcdir=@top_srcdir@
+
+INSTALL=@INSTALL@
+
+VPATH=@srcdir@
+
+all:
+
+Ssh.bin:  Ssh.bin.uu
+       uudecode Ssh.bin.uu
+
+clean:
+       rm -rf Ssh.bin
+
+distprep: Ssh.bin
+
+distclean: clean
+       rm -f Makefile *~
+
+install: Ssh.bin
+       $(top_srcdir)/mkinstalldirs $(DESTDIR)$(datadir)
+       $(INSTALL) -m 0644 -s $(srcdir)/Ssh.bin $(DESTDIR)$(datadir)/Ssh.bin