Absicherung NFS: Difference between revisions

From
Jump to navigation Jump to search
No edit summary
No edit summary
Line 7: Line 7:


Step 3: Zertifikat aus TPM fuer 802.1x verwenden.
Step 3: Zertifikat aus TPM fuer 802.1x verwenden.


=== Implementierung ===
<code>
cat > wpa_supplicant.conf <<EOF
network={
ssid="SSID"
key_mgmt=WPA-EAP
eap=TLS
identity="testing"
ca_cert="/etc/pki/SSID/ca.pem"
client_cert="/etc/pki/SSID/client.crt"
private_key="pkcs11:model=Intel;manufacturer=Intel;serial=0000000000000000;token=label;id=%32%62%37%30%65%62%36%32%66%33%32%62%31%63%65%37;object=0;type=private;pin-value=userpin"
}
EOF
</code>



=== Ressourcen ===
=== Ressourcen ===

Revision as of 14:35, 4 October 2022

Absicherung NFS

Plan

Step 1: Authentifizierung mit 802.1x. 1x Switch, 1x Client und 1x RADIUS Server

Step 2: CSR in TPM generieren oder Zertifikat mit Schluessel importieren.

Step 3: Zertifikat aus TPM fuer 802.1x verwenden.


Implementierung

cat > wpa_supplicant.conf <<EOF network={ 

   ssid="SSID"
   key_mgmt=WPA-EAP
   eap=TLS
   identity="testing"
   ca_cert="/etc/pki/SSID/ca.pem"
   client_cert="/etc/pki/SSID/client.crt"
   private_key="pkcs11:model=Intel;manufacturer=Intel;serial=0000000000000000;token=label;id=%32%62%37%30%65%62%36%32%66%33%32%62%31%63%65%37;object=0;type=private;pin-value=userpin"

} EOF


Ressourcen

https://tpm2-software.github.io/

https://github.com/tpm2-software/tpm2-pkcs11/blob/master/tools/tpm2_ptool.py

Retrieved from "https://sarwiki.informatik.hu-berlin.de/index.php?title=Absicherung_NFS&oldid=13798"