Setup and Locking/Unlocking MATE With a Smart Card

Setup and Locking/Unlocking MATE With a Smart Card

https://ubuntu-mate.community/t/setup-and-locking-unlocking-mate-with-a-smart-card/27461

8 days later 29 days later

ericmarceau

1 Aug 2024 Hi again, @metalinux!

I realise this is not a direct fix or directly related to your specific issue, but … there is a page related to use of SmartCards for US Gov that makes reference to MacOS (linux spinoff) on two aspects of the problem, namely:

SSH from MacOS, and Configure a Linux Server. I realise that might be a stretch … but you never know where an answer will come from. :slight_smile:

There is also a section specifically dedicated to Yubico-PAM module, if you haven’t seen that yet, and a section specifically on Yubico PAM Single-factor configuration guide which might have direct relevance to your problem.

I underline that I offer these, even though I don’t understand the problem in depth :frowning: , but based on an abstraction of the issue you are facing for your context.

I also forgot to mention Arch Linux’s page on Yubikey. Their pages sometimes have hints/workarounds at the bleeding edge.

10 days later

metalinux

metalinux Aug 2024 Hi @ericmarceau and thank you so much for the lovely words of encouragement and for your added advice of fingerprint-recognition, looking into SmartCards via MacOS, the Yubico-PAM module and of course the excellent Arch Wiki regarding Yubikey. You similarly deserve a shower of kudos as well and seriously - thank you!

Ultimately, I found a workaround to this issue, which was to set up Smartcard Authentication in Gnome and then switch to the GDM Lock Screen in the MATE session.

I firstly installed Gnome and its dependencies with sudo apt install ubuntu-gnome-desktop and rebooted.

I then logged into the the MATE session, via GDM (selecting MATE instead of Gnome as the DE) upon successful boot up.

To switch directly to the GDM lock screen in the MATE session, I ran gdmflexiserver -ls in a terminal, which takes you directly to the GDM lock screen (it skips mate-screensaver) and then you can unlock the session with your SmartCard credentials there and then hop back into the same MATE session as before.

Thank you very much again to @ericmarceau , @ugnvs and @ricmarques for kindly giving your time and advice to assist here!

3 months later

gordon Nov 2024 MacOS (linux spinoff)

Technical details:

MacOS is not a Linux spin-off; it is UNIX-like, like Linux. MacOS is actually derived mostly from BSD, which was originally derived from UNIX code but veered from UNIX so much that it’s essentially a from-scratch rewrite. (There was a lawsuit between AT&T and the University of California at Berkeley regarding this in the early 90’s; the fallout from the legal battle was arguably one of the main reasons we’re all using Linux right now and not BSD.)

I hate to be nitpicky, but give credit where credit is due.