Configure Linux Clients

If any users are accessing CA Spectrum from Linux clients, configure those clients for CA Spectrum CAC Authentication.
Follow these steps:
  1. Run mkoctar script on the OneClick server by doing the following:
    1. Set the environment variable SPECROOT to the SPECTRUM root directory.
    2. Navigate to <$SPECROOT>/tomcat/webapps/spectrum/
    3. Run the following command:
      ./mkoctar -servercert <oneclick_certificate_alias> -cert <root_alias> -cert <int_alias_1> -cert <int_alias_2>
      • -servercert <oneclick_certificate_alias>
        Specifies the alias for the OneClick web server certificates. If you created a self-signed certificate, the OneClick certificate alias is "tomcatssl".
      • -cert <root_alias>
        Specifies the alias for the root certificate, as defined in Add Intermediate and Root Certificates to CA Spectrum.
      • -cert <int_alias_1>
        Specifies the alias for the first intermediate certificate, as defined in Add Intermediate and Root Certificates to CA Spectrum.
      • -cert <int_alias_2>
        Specifies the alias for the second intermediate certificate, as defined in Add Intermediate and Root Certificates to CA Spectrum.
    4. (Optional) Run the following command if you see a Permission Denied error:
      chmod +x mkoctar
    5. (Optional) Run the following command to view additional options:
      ./mkoctar -h
    The mkoctar command produces the file "oc.tar" in the same directory. You can now copy oc.tar to a temporary directory on Linux clients that will access OneClick.
  2. On the Linux client, extract oc.tar as follows:
    1. Note: For performance and security reasons, extract this file to a local disk, not to a network drive.
    2. Run the following command:
      tar xvf oc.tar
    3. Edit the line in card.config.Linux that begins with "library=". Change it to point to the ActivIdentity pkcs library. For example, change it to the following line:
      library = /usr/local/ActivIdentity/ActivClient/lib/libacpkcs211.so
    4. Run the runoc script to launch OneClick. Take one of the following steps:
      • LDAP: Run the following command:
        ./runoc
      • Non-LDAP: Run the following command:
        ./runoc -noldap
      When it is first run, runoc installs a JRE in the current directory.
Users are always prompted for their CAC Personal Identification Number (PIN). If you are not using LDAP, users are also prompted for their user name and password.
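
The client-side steps above (extract to a local disk, then point the "library=" line at the ActivIdentity pkcs library) can be checked and applied with a small script. This is an added example, not part of the CA Spectrum documentation or scripts; the function names are hypothetical, and it assumes findmnt from util-linux is available on the client.

```shell
#!/bin/sh
# Added example, not CA Spectrum code. Function names are hypothetical.

# Return 0 if a filesystem type names a network mount (list is not exhaustive).
is_network_fstype() {
    case "$1" in
        nfs*|cifs|smb*|afs|ncpfs|9p|ceph|fuse.sshfs|fuse.glusterfs) return 0 ;;
        *) return 1 ;;
    esac
}

# Return 0 if DIR sits on a local disk. Assumes findmnt (util-linux) exists.
is_local_dir() {
    fstype=$(findmnt -n -o FSTYPE -T "$1") || return 2
    ! is_network_fstype "$fstype"
}

# Point the line beginning with "library=" in CONFIG at the PKCS library LIB.
set_pkcs11_library() {
    config=$1
    lib=$2
    [ -f "$lib" ] || { echo "PKCS library not found: $lib" >&2; return 1; }
    grep -q '^library[[:space:]]*=' "$config" ||
        { echo "no library= line in $config" >&2; return 1; }
    tmp=$(mktemp) || return 1
    # Rewrite only the library line; every other line passes through unchanged.
    LIB="$lib" awk '/^library[ \t]*=/ { print "library = " ENVIRON["LIB"]; next }
                    { print }' "$config" > "$tmp" &&
        cat "$tmp" > "$config"   # keeps the config file's owner and mode
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Usage: sh thisfile --apply <extract_dir> <path_to_pkcs_library>
if [ "${1:-}" = "--apply" ]; then
    is_local_dir "$2" || { echo "cannot confirm $2 is on a local disk" >&2; exit 1; }
    set_pkcs11_library "$2/card.config.Linux" "$3" || exit 1
    echo "card.config.Linux updated; launch OneClick with ./runoc"
fi
```

The script refuses to edit card.config.Linux when the named library file is missing, so a mistyped path is caught before runoc is launched.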