Linux/UNIX: Multi-Factor Authentication
Your PK Protect System Administrator may require you to confirm each of your devices, including the desktop application, with Multi-Factor Authentication (MFA). This system provides additional security to all the data, as if your password should become compromised, any attacker would also need possession of one or more mobile devices to access the PK Protect account, and the data protected by it.
Follow these steps to set up MFA support through Smart Cards on Linux.
Set Up Trust for the CA for Certificate on Smart Card with PK Protect with PKCertTool
Add the certificates associated with your Smart Card to the certificate store. You should have the certificates exported to a *.p7b file.
PK Protect manages digital certificates on Linux with pkcerttool
. Add the certificate file with pkcerttool -add -all
<*.p7b>
:
|
After you have added the certificates, Confirm PKCertTool sees them with pkcerttool -list -store ROOT
:
|
Set up the PK Protect Agent
To complete setup, run the interactive pkagent
script.
You should have this information at hand:
- PK Protect Server URL
- Email address configured with PK Protect Enterprise Manager
- Password for PK Protect Enterprise Manager
- Path to the Smart Card
|
Pairing Card with SEM with Smartkeys
Use pkzipc -listsm
to list Smartkeys configured on the system. This command will force the Smartkey's owner's login, and the card will pair with SEM.
|