openconnect automation

David Woodhouse dwmw2 at infradead.org
Fri Aug 31 15:58:51 EDT 2012


On Fri, 2012-08-31 at 15:06 -0400, Mcclelland, Michael B Mr CTR USN USA
wrote:
> Will this still work if I'm using the a pkcs url to a private key on a
> smart card?.  I've tried snapshots of the upcoming release and
> recompiling the network manager-suite and openconnect plugins against
> the modern libraries and I've never noticed anything that would
> suggest the gui can pull a private key from a smartcard.  Am I missing
> something?

This should be working out of the box with Fedora 17 — or with current
versions of everything, built against GnuTLS, anywhere. If not, let me
know and we'll fix it. I'm not aware of anything that still isn't
working correctly.

The only thing that's missing is the ability to *configure* it using the
GUI. You can't use the GUI to *select* the private key from the
smartcard; you have to set up the connection in NetworkManager without a
key, then edit the file (in /etc/NetworkManager/system-connections/) and
change the userkey= and usercert= lines to contain the correct PKCS#11
URL.

-- 
dwmw2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 6171 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20120831/7b4cd0e7/attachment.bin>


More information about the openconnect-devel mailing list