Difference between revisions of "Aladdin eToken PRO Manual Installation"
Revision as of 12:41, 24 May 2007
Manual Installation of the eToken PRO software on Linux
Prerequisites
Before running the installation script, verify that the PC/SC Lite pcscd daemon is installed on your box. The eToken installation script is very picky about the location where this daemon is installed and will refuse to continue if it is not present in
/usr/local/sbin/pcscd
If your pcscd daemon is installed elsewhere, create a symlink at that path.
The RTE software is linked against the following shared libraries:
- /lib/ld-linux.so.2
- libc.so.6
- libdl.so.2
- libgcc_s.so.1
- libm.so.6
- libpcsclite.so.0 (Note: it is safe to symlink libpcsclite.so.0 to libpcsclite.so.1)
- libpthread.so.0
- libusb-0.1.so.4
- Fedora and Red Hat tarballs: libstdc++.so.6
- SUSE tarball: libstdc++.so.5
It may be possible to use the eToken RTE software on other Linux distributions, provided that these shared libraries are present.
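An added example, not part of the original page or of Aladdin's software: a shell check of the library list above against `ldconfig -p` output. It assumes, from the `-i386` tarball names, that the RTE binaries are 32-bit, so a library present only as an x86-64 build counts as missing; the function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Library names from the page. $1 is the libstdc++ major version: 6 for the
# Fedora and Red Hat tarballs, 5 for the SUSE one. /lib/ld-linux.so.2 is a file
# path rather than a cache entry; check it separately with `test -e`.
rte_libs() {
    echo "libc.so.6 libdl.so.2 libgcc_s.so.1 libm.so.6 libpcsclite.so.0" \
         "libpthread.so.0 libusb-0.1.so.4 libstdc++.so.${1:-6}"
}

# has_lib32 NAME LISTING: true if LISTING has a non-x86-64 entry for NAME.
# `ldconfig -p` prints "NAME (libc6,x86-64) => PATH" for 64-bit libraries and
# "NAME (libc6) => PATH" for 32-bit ones (assumption: x86 host).
has_lib32() {
    printf '%s\n' "$2" |
        awk -v n="$1" '$1 == n && $2 !~ /x86-64/ { f = 1 } END { exit !f }'
}

# missing_rte_libs [STDCXX_MAJOR] < listing: print one line per missing library.
missing_rte_libs() (
    listing=$(cat)
    for lib in $(rte_libs "${1:-6}"); do
        has_lib32 "$lib" "$listing" && continue
        if [ "$lib" = libpcsclite.so.0 ] && has_lib32 libpcsclite.so.1 "$listing"; then
            echo "$lib (symlink it to libpcsclite.so.1, which is present)"
        else
            echo "$lib"
        fi
    done
)

# Constructed sample of `ldconfig -p` output from a 64-bit host (not real data).
SAMPLE_LISTING='    libc.so.6 (libc6,x86-64) => /lib64/libc.so.6
    libc.so.6 (libc6) => /lib/libc.so.6
    libdl.so.2 (libc6) => /lib/libdl.so.2
    libgcc_s.so.1 (libc6) => /lib/libgcc_s.so.1
    libm.so.6 (libc6) => /lib/libm.so.6
    libpthread.so.0 (libc6) => /lib/libpthread.so.0
    libpcsclite.so.1 (libc6) => /usr/lib/libpcsclite.so.1
    libusb-0.1.so.4 (libc6,x86-64) => /usr/lib64/libusb-0.1.so.4
    libstdc++.so.6 (libc6) => /usr/lib/libstdc++.so.6'

# On a real host: ldconfig -p | missing_rte_libs 6
printf '%s\n' "$SAMPLE_LISTING" | missing_rte_libs 6
```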
RHEL4 Pre-installation
The Mkproxy.tar.gz tarball contains all the required binaries for RHEL4 compatible platforms. After unpacking the tarball, copy over the files to their respective locations:
    cd ./rhel4
    cp -rp bin/* /usr/local/bin
    cp -rp lib/* /usr/local/lib
    cp -rp sbin/* /usr/local/sbin
Running the Aladdin installation script
Unpack the .rar file using
rar x eToken_PKI_Client_for_Linux_v3_65.rar
which will extract the files
- etoken-3-65.3-linux-Fedora-i386.tar.gz : Fedora Core 4 and higher
- etoken-3-65.3-linux-redhat-i386.tar.gz : Red Hat Enterprise Linux 4 and higher
- etoken-3-65.3-linux-suse-i386.tar.gz : Novell SUSE Linux
(and a few others) to the current directory.
Extract the .tar.gz tarball that most closely matches your Linux distribution. All files will be extracted to a directory etoken-3-65.3-linux-i386. cd into this directory and run the installation program:
./petoken install 4
where the number 4 indicates how many tokens you wish to support simultaneously (this is the default value).
    ./petoken install 4
    Starting Aladdin eTokend daemon:
    Starting pcscd daemon:
    Modifying /etc/ld.so.conf
    Aladdin Etoken RTE installation finished
    Warning: you have two pcscd installations (in /usr and in /usr/local)
Installation is complete. The installation script will have installed the appropriate daemons and /etc/init.d startup script, such that the eToken software is loaded at system startup.
The petoken installation script is a total nightmare. If anything goes wrong during installation then the installation is aborted. You will need to run
./petoken uninstall
before you can continue. However, the 'uninstall' command also erases the installation program itself, so you need to unpack the .tar.gz tarball again before you can continue.
Post-installation cleanup
The system startup/shutdown scripts that come with the RTE software are quite atrocious. In most cases the etsrvd daemon will fail to come up at boot time. Installing these custom versions of the etokend and etsrvd scripts dramatically improves the startup success ratio; they also print pretty OK or FAILURE messages. Run
    chkconfig --level 2345 etokend on
    chkconfig --level 2345 etsrvd on
to enable the services. You can also remove the old startup scripts as installed by the RTE software:
    rm -f /etc/rc?.d/S10etoken
    rm -f /etc/rc?.d/S30etoken
If you have installed the Aladdin RTE software on a Linux system which uses udev to provide hotplugging device support - i.e. Fedora Core 5 or any system running Linux kernel 2.6.16 or higher - then you need to do a post-installation cleanup. If this step is skipped your eToken will not be accessible after the next reboot.
1. install this version of etoken.conf in /etc/reader.conf.d:
    # Aladdin eToken virtual reader #0
    FRIENDLYNAME    "AKS ifdh"
    DEVICENAME      /dev/null
    LIBPATH         /usr/local/lib/aksifdh.so
    CHANNELID       0x11111111

    # Aladdin eToken virtual reader #1
    FRIENDLYNAME    "AKS ifdh"
    DEVICENAME      /dev/null
    LIBPATH         /usr/local/lib/aksifdh.so
    CHANNELID       0x11111112

    # Aladdin eToken virtual reader #2
    FRIENDLYNAME    "AKS ifdh"
    DEVICENAME      /dev/null
    LIBPATH         /usr/local/lib/aksifdh.so
    CHANNELID       0x11111113

    # Aladdin eToken virtual reader #3
    FRIENDLYNAME    "AKS ifdh"
    DEVICENAME      /dev/null
    LIBPATH         /usr/local/lib/aksifdh.so
    CHANNELID       0x11111114
2. install these 20-etoken.rules in /etc/udev/rules.d:
    ACTION=="add", SUBSYSTEM=="usb_device", \
        SYSFS{idVendor}=="0529", SYSFS{idProduct}=="0600", SYSFS{product}=="Token 4.2*", \
        RUN="/etc/hotplug.d/usb/etoken.hotplug"
3. For systems that use udev, i.e. all systems with Linux kernel 2.6.16+, install this version of the etoken.hotplug script in /etc/hotplug.d/usb:
    #!/usr/bin/perl
    use strict;
    use Socket;
    #use Data::Dumper;

    # Send error output, including die messages, to a log file.
    open STDERR, ">> /var/log/etoken.log";
    #print STDERR Dumper(\%ENV);

    # Check the environment: if hotplugging is enabled in the kernel,
    # then we are not running under udev.
    my $hotplug = `/sbin/sysctl kernel.hotplug`;
    chomp $hotplug;
    my $device;
    # A configured helper path starts with "/", which \W matches.
    if ($hotplug =~ /kernel.hotplug = (\W+)/) {
        die "Call with undefined environment is ignored"
            unless defined($ENV{"DEVICE"}) && defined($ENV{"ACTION"});
        $device = $ENV{"DEVICE"};
    } else {
        die "Call with undefined environment is ignored"
            unless defined($ENV{"DEVNAME"}) && defined($ENV{"ACTION"});
        $device = $ENV{"DEVNAME"};
        # Rewrite the first "dev" in the udev device name to "proc".
        $device =~ s/dev/proc/;
    }

    # Build the request structure for insertion/removal.
    my $data_len     = length($device) + 1;   # one more for null-terminator
    my $magic        = 0x55AAAA55;
    my $insert_token = 1;
    my $remove_token = 2;
    my $command = ($ENV{ACTION} eq "add") ? $insert_token : $remove_token;
    # Six native unsigned ints, then the device path null-padded to $data_len.
    my $data = pack("IIIIIIa" . $data_len, $magic, 0, 0, $command, $data_len, 0, $device);

    my $socket_name = "/var/tmp/.etokend";

    # Open the eTokend UNIX socket and send the request.
    socket(SOCK, PF_UNIX, SOCK_STREAM, 0) or die "socket: $!";
    connect(SOCK, sockaddr_un($socket_name)) or die "connect $socket_name: $!";
    print SOCK $data;
    close SOCK;
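An added example, not part of the original page or of the RTE package: a shell audit of the three files installed in steps 1 to 3. udev starts the RUN program as root, so the check flags files that are missing, not owned by the expected uid, or writable by group or others; the function names and the demo tree are constructed, and GNU `stat` is assumed.

```shell
#!/bin/sh
# Paths from the page, relative to a root prefix ("" audits the live system).
ETOKEN_FILES="etc/reader.conf.d/etoken.conf
etc/udev/rules.d/20-etoken.rules
etc/hotplug.d/usb/etoken.hotplug"

# audit_path PATH OWNER_UID [exec]: print one finding per problem; non-zero
# status if any. Assumes GNU stat (%u = owner uid, %a = octal mode).
audit_path() (
    path=$1; want_uid=$2; need_exec=${3:-}; rc=0
    [ -f "$path" ] || { echo "MISSING $path"; exit 1; }
    set -- $(stat -L -c '%u %a' "$path")
    uid=$1; mode=$2
    [ "$uid" = "$want_uid" ] || { echo "OWNER $path uid=$uid"; rc=1; }
    # 022 = group-write | other-write; 0100 = owner-execute
    [ $(( 0$mode & 022 )) -eq 0 ] || { echo "WRITABLE $path mode=$mode"; rc=1; }
    if [ -n "$need_exec" ] && [ $(( 0$mode & 0100 )) -eq 0 ]; then
        echo "NOEXEC $path mode=$mode"; rc=1
    fi
    exit $rc
)

# audit_etoken ROOT OWNER_UID: audit all three files; only the hotplug script
# must be executable.
audit_etoken() (
    rc=0
    for rel in $ETOKEN_FILES; do
        case $rel in
            *.hotplug) audit_path "$1/$rel" "$2" exec || rc=1 ;;
            *)         audit_path "$1/$rel" "$2"      || rc=1 ;;
        esac
    done
    exit $rc
)

# demo_tree: constructed tree (not a real system) with the rules file absent
# and the hotplug script world-writable and not executable.
demo_tree() (
    t=$(mktemp -d) || exit 1
    mkdir -p "$t/etc/reader.conf.d" "$t/etc/udev/rules.d" "$t/etc/hotplug.d/usb"
    : > "$t/etc/reader.conf.d/etoken.conf"
    chmod 644 "$t/etc/reader.conf.d/etoken.conf"
    : > "$t/etc/hotplug.d/usb/etoken.hotplug"
    chmod 666 "$t/etc/hotplug.d/usb/etoken.hotplug"
    echo "$t"
)
tree=$(demo_tree)
audit_etoken "$tree" "$(id -u)" || echo "findings listed above"
rm -rf "$tree"
```

On an installed system, run `audit_etoken "" 0` to check the live paths against root ownership.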