Difference between revisions of "Aladdin eToken PRO Manual Installation"
(One intermediate revision by the same user not shown) | |||
Line 21: | Line 21: | ||
===RHEL4 Pre-installation=== | ===RHEL4 Pre-installation=== | ||
− | The [[Media:Mkproxy.tar.gz|Mkproxy.tar.gz]] tarball contains all the required binaries for RHEL4 compatible platforms. After unpacking the tarball, copy over the files to their respective locations: | + | The [[Media:Mkproxy-rhel4.tar.gz|Mkproxy-rhel4.tar.gz]] tarball contains all the required binaries for RHEL4 compatible platforms. After unpacking the tarball, copy over the files to their respective locations: |
− | |||
cp -rp bin/* /usr/local/bin | cp -rp bin/* /usr/local/bin | ||
cp -rp lib/* /usr/local/lib | cp -rp lib/* /usr/local/lib | ||
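Review bot: the renamed link on the "+" side sends readers to Mkproxy-rhel4.tar.gz, a tarball of prebuilt binaries that the following lines copy into /usr/local/bin and /usr/local/lib, but nothing here lets the reader verify the download. Suggest publishing a checksum (or a detached signature) next to the link and adding a verification step before the cp commands.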
Line 101: | Line 100: | ||
SYSFS{idVendor}=="0529", SYSFS{idProduct}=="0600", SYSFS{product}=="Token 4.2*", \ | SYSFS{idVendor}=="0529", SYSFS{idProduct}=="0600", SYSFS{product}=="Token 4.2*", \ | ||
RUN="/etc/hotplug.d/usb/etoken.hotplug" | RUN="/etc/hotplug.d/usb/etoken.hotplug" | ||
+ | |||
+ | # Sigh: Kernel 2.6.22+ changed the SUBSYSTEM name... | ||
+ | ACTION=="add", SUBSYSTEM=="usb", \ | ||
+ | SYSFS{idVendor}=="0529", SYSFS{idProduct}=="0600", SYSFS{product}=="Token 4.2*", \ | ||
+ | RUN="/etc/hotplug.d/usb/etoken.hotplug" | ||
+ | |||
+ | '''Note''': In kernel 2.6.22+ the SUBSYSTEM name was changed from 'usb_device' to 'usb'. Hence the double ACTION rule. | ||
3. For systems that use <tt>udev</tt>, i.e. all systems with Linux kernel 2.6.16+ install this version of the [[Media:etoken.hotplug|etoken.hotplug]] script in <tt>/etc/hotplug.d/usb</tt>: | 3. For systems that use <tt>udev</tt>, i.e. all systems with Linux kernel 2.6.16+ install this version of the [[Media:etoken.hotplug|etoken.hotplug]] script in <tt>/etc/hotplug.d/usb</tt>: |
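Review bot: the added SUBSYSTEM=="usb" rule, like the usb_device rule above it, matches only ACTION=="add", while the etoken.hotplug script it runs also builds a remove request for any other ACTION, so that branch is never reached from these rules. Either say how removal is detected or add a rule for ACTION=="remove". The explanation is also given twice, once as the "# Sigh" comment in the rules and once as the Note; putting both names and the 2.6.22 boundary into the rules-file comment would make the installed file self-explanatory.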
Latest revision as of 13:19, 5 February 2008
Manual Installation of the eToken PRO software on Linux
Prerequisites
Before running the installation script, verify that the PC/SC Lite pcscd daemon is installed on your box. The eToken installation script is very picky about the location where this daemon is installed and will refuse to continue if it is not present in
/usr/local/sbin/pcscd
If your pcscd daemon is installed elsewhere then create a symlink.
The RTE software is linked against the following shared libraries:
- /lib/ld-linux.so.2
- libc.so.6
- libdl.so.2
- libgcc_s.so.1
- libm.so.6
- libpcsclite.so.0 (Note: it is safe to symlink libpcsclite.so.0 to libpcsclite.so.1)
- libpthread.so.0
- libusb-0.1.so.4
- Fedora and RedHat tarballs: libstdc++.so.6
- Suse tarball: libstdc++.so.5
It may be possible to use the eToken RTE software on other Linux distributions, provided that these shared libraries are present.
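A preflight check for the prerequisites listed above, as an added example that is not part of the original page or of the Aladdin software. The function names, the ROOT prefix argument and the three library directories it searches are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: preflight check for the prerequisites listed above.
# Assumptions: function names, the ROOT prefix argument and the three
# library directories searched are illustrative, not from the RTE.

# Libraries named on this page; libstdc++ depends on the tarball flavour.
RTE_LIBS="libc.so.6 libdl.so.2 libgcc_s.so.1 libm.so.6 libpcsclite.so.0 libpthread.so.0 libusb-0.1.so.4"

# find_lib ROOT NAME: succeed if NAME resolves in a searched directory.
find_lib() {
    for d in /lib /usr/lib /usr/local/lib; do
        [ -e "$1$d/$2" ] && return 0
    done
    return 1
}

# etoken_preflight ROOT FLAVOUR: print one line per problem and return
# the number of problems (0 = ready to run ./petoken install).
etoken_preflight() {
    root=$1
    case $2 in
        fedora|redhat) stdcxx=libstdc++.so.6 ;;
        suse)          stdcxx=libstdc++.so.5 ;;
        *) echo "unknown flavour '$2' (fedora, redhat or suse)"; return 99 ;;
    esac
    problems=0
    # The installer refuses to continue unless pcscd is at this exact path.
    if [ ! -x "$root/usr/local/sbin/pcscd" ]; then
        echo "MISSING /usr/local/sbin/pcscd (symlink your pcscd there)"
        problems=$((problems + 1))
    fi
    if [ ! -e "$root/lib/ld-linux.so.2" ]; then
        echo "MISSING /lib/ld-linux.so.2"
        problems=$((problems + 1))
    fi
    for lib in $RTE_LIBS $stdcxx; do
        find_lib "$root" "$lib" && continue
        if [ "$lib" = libpcsclite.so.0 ] && find_lib "$root" libpcsclite.so.1; then
            echo "MISSING $lib (libpcsclite.so.1 is present: symlink it)"
        else
            echo "MISSING $lib"
        fi
        problems=$((problems + 1))
    done
    return "$problems"
}
# Live system: etoken_preflight "" redhat
```

Dangling symlinks count as missing because the existence test follows links.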
RHEL4 Pre-installation
The Mkproxy-rhel4.tar.gz tarball contains all the required binaries for RHEL4 compatible platforms. After unpacking the tarball, copy over the files to their respective locations:
cp -rp bin/* /usr/local/bin
cp -rp lib/* /usr/local/lib
cp -rp sbin/* /usr/local/sbin
Running the Aladdin installation script
Unpack the .rar file using
rar x eToken_PKI_Client_for_Linux_v3_65.rar
which will extract the files
- etoken-3-65.3-linux-Fedora-i386.tar.gz : Fedora Core 4 and higher
- etoken-3-65.3-linux-redhat-i386.tar.gz : Redhat Enterprise Linux 4 and higher
- etoken-3-65.3-linux-suse-i386.tar.gz : Novell Suse Linux
(and a few others) to the current directory.
Extract the .tar.gz tarball that most closely matches your Linux distribution. All files will be extracted to a directory etoken-3-65.3-linux-i386. cd into this directory and run the installation program:
./petoken install 4
where the number 4 indicates how many tokens you wish to support simultaneously (this is the default value).
./petoken install 4
Starting Aladdin eTokend daemon:
Starting pcscd daemon:
Modifying /etc/ld.so.conf
Aladdin Etoken RTE installation finished
Warning: you have two pcscd installations (in /usr and in /usr/local)
Installation is complete. The installation script will have installed the appropriate daemons and /etc/init.d startup script, such that the eToken software is loaded at system startup.
The petoken installation script is a total nightmare. If anything goes wrong during installation then the installation is aborted. You will need to run
./petoken uninstall
before you can continue. However, the 'uninstall' command also erases the installation program itself, so you need to unpack the .tar.gz tarball again before you can continue.
Post-installation cleanup
The system startup/shutdown scripts that come with the RTE software are quite atrocious. In most cases the etsrvd daemon will fail to come up at boot time. By installing these custom versions of the etokend and etsrvd scripts the startup success ratio dramatically improves, plus, they print pretty OK or FAILURE messages too.
- RedHat/Fedora users: install this version of etokend in /etc/init.d
- RedHat/Fedora users: install this version of etsrvd in /etc/init.d
- SuSE users: install this version of etokend in /etc/init.d
- SuSE users: install this version of etsrvd in /etc/init.d
- run
chkconfig --level 2345 etokend on
chkconfig --level 2345 etsrvd on
to enable the services. You can also remove the old startup scripts as installed by the RTE software
rm -f /etc/rc?.d/S10etoken
rm -f /etc/rc?.d/S30etoken
If you have installed the Aladdin RTE software on a Linux system which uses udev to provide hotplugging device support - i.e. Fedora Core 5 or any system running Linux kernel 2.6.16 or higher - then you need to do a post-installation cleanup. If this step is skipped your eToken will not be accessible after the next reboot.
1. install this version of etoken.conf in /etc/reader.conf.d:
# Aladdin eToken virtual reader #0
FRIENDLYNAME "AKS ifdh"
DEVICENAME /dev/null
LIBPATH /usr/local/lib/aksifdh.so
CHANNELID 0x11111111

# Aladdin eToken virtual reader #1
FRIENDLYNAME "AKS ifdh"
DEVICENAME /dev/null
LIBPATH /usr/local/lib/aksifdh.so
CHANNELID 0x11111112

# Aladdin eToken virtual reader #2
FRIENDLYNAME "AKS ifdh"
DEVICENAME /dev/null
LIBPATH /usr/local/lib/aksifdh.so
CHANNELID 0x11111113

# Aladdin eToken virtual reader #3
FRIENDLYNAME "AKS ifdh"
DEVICENAME /dev/null
LIBPATH /usr/local/lib/aksifdh.so
CHANNELID 0x11111114
2. install these 20-etoken.rules in /etc/udev/rules.d:
ACTION=="add", SUBSYSTEM=="usb_device", \
SYSFS{idVendor}=="0529", SYSFS{idProduct}=="0600", SYSFS{product}=="Token 4.2*", \
RUN="/etc/hotplug.d/usb/etoken.hotplug"

# Sigh: Kernel 2.6.22+ changed the SUBSYSTEM name...
ACTION=="add", SUBSYSTEM=="usb", \
SYSFS{idVendor}=="0529", SYSFS{idProduct}=="0600", SYSFS{product}=="Token 4.2*", \
RUN="/etc/hotplug.d/usb/etoken.hotplug"
Note: In kernel 2.6.22+ the SUBSYSTEM name was changed from 'usb_device' to 'usb'. Hence the double ACTION rule.
3. For systems that use udev, i.e. all systems with Linux kernel 2.6.16+ install this version of the etoken.hotplug script in /etc/hotplug.d/usb:
#!/usr/bin/perl

use Socket;
#use Data::Dumper;

open STDERR, ">> /var/log/etoken.log";
#print STDERR Dumper(\%ENV);

# check environment
# is hotplugging enabled in the kernel -> then we're not running udev
$hotplug = `/sbin/sysctl kernel.hotplug`;
chomp $hotplug;
if ($hotplug =~ /kernel.hotplug = (\W+)/)
{
    die "Call with undefined environment is ignored"
        unless defined($ENV{"DEVICE"}) && defined($ENV{"ACTION"});
    $device = $ENV{"DEVICE"};
}
else
{
    die "Call with undefined environment is ignored"
        unless defined($ENV{"DEVNAME"}) && defined($ENV{"ACTION"});
    $device = $ENV{"DEVNAME"};
    $device =~ s/dev/proc/;
}

# build request structure for insertion/removal
$data_len = length($device) + 1; # one more for null-terminator
$magic = 0x55AAAA55;
$insert_token = 1;
$remove_token = 2;
$command = ($ENV{ACTION} eq "add") ? $insert_token : $remove_token;
$data = pack("IIIIIIa" . $data_len, $magic, 0, 0, $command, $data_len, 0, $device);

$socket_name = "/var/tmp/.etokend";

# open socket with eTokend
socket (SOCK,PF_UNIX,SOCK_STREAM, 0) or die "socket: $!";
connect (SOCK, sockaddr_un($socket_name)) or die "connect $socket_name: $!";
print SOCK $data;
close SOCK;
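A check that the three udev post-installation steps above are in place before the next reboot, as an added example that is not part of the original page. The function name and the ROOT prefix argument are assumptions; the permission test reflects that udev executes the RUN program as root.

```shell
#!/bin/sh
# Added example: verify the three udev post-installation steps above.
# Assumptions: the function name and ROOT prefix argument are illustrative.

# etoken_udev_check ROOT: print one line per problem, return their count.
etoken_udev_check() {
    root=$1
    conf=$root/etc/reader.conf.d/etoken.conf
    rules=$root/etc/udev/rules.d/20-etoken.rules
    script=$root/etc/hotplug.d/usb/etoken.hotplug
    problems=0

    # Step 1: each virtual reader block needs its own CHANNELID.
    if [ -r "$conf" ]; then
        readers=$(awk '$1 == "FRIENDLYNAME" { n++ } END { print n + 0 }' "$conf")
        channels=$(awk '$1 == "CHANNELID" && !seen[$2]++ { n++ } END { print n + 0 }' "$conf")
        if [ "$readers" -eq 0 ] || [ "$readers" -ne "$channels" ]; then
            echo "etoken.conf: $readers readers, $channels distinct CHANNELIDs"
            problems=$((problems + 1))
        fi
    else
        echo "etoken.conf: missing"
        problems=$((problems + 1))
    fi

    # Step 2: one rule per SUBSYSTEM name (before and after kernel 2.6.22).
    for subsys in usb_device usb; do
        if ! grep -v '^[[:space:]]*#' "$rules" 2>/dev/null |
                grep -q "SUBSYSTEM==\"$subsys\""; then
            echo "20-etoken.rules: no rule for SUBSYSTEM==\"$subsys\""
            problems=$((problems + 1))
        fi
    done

    # Step 3: the RUN= program is executed by udev as root, so it must be
    # executable and must not be writable by group or others.
    if [ ! -x "$script" ]; then
        echo "etoken.hotplug: missing or not executable"
        problems=$((problems + 1))
    elif [ -n "$(find -L "$script" \( -perm -020 -o -perm -002 \))" ]; then
        echo "etoken.hotplug: writable by group or others"
        problems=$((problems + 1))
    fi
    return "$problems"
}
# Live system: etoken_udev_check ""
```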