|
|
|
|
|
|
by timothy-quinn
2073 days ago
|
|
|
Support for PIV cards on Linux/Mac is kind of sporadic, and very much DIY. In most cases authentication gets kind of tricky because you need to set up everything yourself on the workstation. For web-based certificate authentication, if you follow instructions for setting up CACs, then you're usually good (but you have to just ignore the US Military specific stuff): https://militarycac.com/macnotes.htm Yubico also provide some instructions for each platform: https://developers.yubico.com/PIV/Guides/Smart_card-only_aut... https://developers.yubico.com/PIV/Guides/SSH_with_PIV_and_PK... In the end though a centrally managed authentication solution isn't really easy a quick and easy set up for *nix or Mac, unlike Windows with Active Directory. Perhaps in the future something better will come along. And the same applies with iOS and Android - I've seen some pretty hacky products where they'll interface with smart card readers onto phones do things like authentication to websites or email encryption, but in the end you had to use the vendor's browsers/mail clients instead because only they could handle the integration with the PIV cards. YubiKeys can now connect to phones too, but you've gotta have the right combination of YubiKey and phone to get that connectivity going - and you're still limited to what the apps on the phone actually support. |
|
|