Libpam-poldi allows you to use your Fellowship crypto card to log in to your GNU/Linux system.
First check whether poldi detects your card reader: 'poldi-ctrl -d'. Unfortunately, some card readers don't work with poldi and the existing free driver. For example, the CardMan 4040 needs the non-free driver from Omnikey.
If poldi successfully detected your card reader, you can start to configure poldi. Poldi has pretty good documentation, so I will keep my explanations rather short.
Root has to register the new card for poldi:
poldi-ctrl --register-card --account <your-user-account> --serialno <serialno of your card>
You can also execute this command without '--account
The serialno can be found by executing 'gpg --card-status' and looking for "Application ID".
Now we have to establish a mapping between the user and the smartcard he owns:
poldi-ctrl --associate --account <your-user-account> --serialno <serialno of your card>
Now you have to write your public key into the appropriate key file (you have to do this within your user account)
That's it, now you can test it with 'poldi-ctrl --test'
Now you have to tell PAM that you want to use poldi.
To do so, edit the files in /etc/pam.d. If, for example, you want to log in to kdm with your card, edit the file /etc/pam.d/kdm. Replace the line '@include common-auth' with
auth required pam_poldi.so
If you want to log in unattended, use
auth required pam_poldi.so try-pin=123456 quiet
And if you want to fall back to regular unix passwords, use
auth sufficient pam_poldi.so try-pin=123456 quiet
auth required pam_unix.so nullok_secure
Now you should be able to use your GnuPG smartcard to log in to your GNU/Linux system.
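An added check, not part of the original post: the 'try-pin=' lines above put the card PIN into files under /etc/pam.d, which are normally world-readable, and 123456 is the factory-default user PIN of OpenPGP cards. The script below lists such lines without printing the PIN; its function names are assumptions of this example, not part of poldi.

```shell
#!/bin/sh
# Added example: list pam_poldi.so lines that embed the card PIN (try-pin=).
# Function names are this example's own; nothing here comes from poldi.

# find_embedded_pins DIR -> prints "file:lineno:control" per matching line.
# The PIN value itself is never printed.
find_embedded_pins() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        awk -v file="$f" '
            $1 ~ /^#/ { next }                      # skip comment lines
            $1 == "auth" && /pam_poldi\.so/ {
                for (i = 3; i <= NF; i++)
                    if ($i ~ /^try-pin=/) { print file ":" NR ":" $2; break }
            }' "$f"
    done
}

# world_readable FILE -> succeeds if "other" has read permission.
world_readable() {
    [ "$(ls -ld "$1" | cut -c8)" = "r" ]
}

# audit DIR -> one human-readable finding per embedded PIN.
audit() {
    find_embedded_pins "$1" | while IFS=: read -r file line control; do
        note="PIN stored in PAM config"
        if world_readable "$file"; then note="$note; file is world-readable"; fi
        if [ "$control" = "sufficient" ]; then
            note="$note; stack continues to later modules if the card fails"
        fi
        echo "$file:$line: $note"
    done
}

# Run against a directory given on the command line, e.g. /etc/pam.d
if [ $# -gt 0 ]; then audit "$1"; fi
```

Run it as 'sh audit.sh /etc/pam.d' after editing the PAM files; no output means no active auth line passes try-pin to pam_poldi.so.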