Securing NFS: Difference between revisions

No edit summary
Line 10: Line 10:


=== Implementierung ===
=== Implementierung ===
<syntaxhighlight>
<code>
cat > wpa_supplicant.conf <<EOF
cat > wpa_supplicant.conf <<EOF
network={
network={
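Review bot: the wrapper directly above `cat > wpa_supplicant.conf <<EOF` is `<syntaxhighlight>` on one side of this diff and `<code>` on the other, and neither form suits a multi-line heredoc as written. `<code>` is an inline element, so the block is not guaranteed to keep its line breaks and indentation, and the `<syntaxhighlight>` tag carries no `lang` attribute. Suggest `<syntaxhighlight lang="bash">` here, with the matching `</syntaxhighlight>` after `EOF`.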
Line 22: Line 22:
}
}
EOF
EOF
</syntaxhighlight>
</code>



=== Ressourcen ===
=== Ressourcen ===

Revision as of 14:36, 4 October 2022

Securing NFS

Plan

Step 1: Authentication with 802.1x. 1x switch, 1x client and 1x RADIUS server

Step 2: Generate a CSR in the TPM or import a certificate with its key.

Step 3: Use the certificate from the TPM for 802.1x.


Implementation

cat > wpa_supplicant.conf <<EOF
network={
    ssid="SSID"
    key_mgmt=WPA-EAP
    eap=TLS
    identity="testing"
    ca_cert="/etc/pki/SSID/ca.pem"
    client_cert="/etc/pki/SSID/client.crt"
    private_key="pkcs11:model=Intel;manufacturer=Intel;serial=0000000000000000;token=label;id=%32%62%37%30%65%62%36%32%66%33%32%62%31%63%65%37;object=0;type=private;pin-value=userpin"
}
EOF
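
The `private_key` line above points wpa_supplicant at a key held in the token instead of a key file. As an added example (not part of the original page; `lint_network_block` and its finding texts are hypothetical), this Python check parses that PKCS#11 URI, decodes the percent-encoded `id`, and reports when the user PIN is embedded in the config.

```python
import re
from urllib.parse import unquote_to_bytes

# Constructed sample: the network block from this page, placeholder values included.
SAMPLE_CONF = '''network={
    ssid="SSID"
    key_mgmt=WPA-EAP
    eap=TLS
    identity="testing"
    ca_cert="/etc/pki/SSID/ca.pem"
    client_cert="/etc/pki/SSID/client.crt"
    private_key="pkcs11:model=Intel;manufacturer=Intel;serial=0000000000000000;token=label;id=%32%62%37%30%65%62%36%32%66%33%32%62%31%63%65%37;object=0;type=private;pin-value=userpin"
}
'''


def parse_pkcs11_uri(uri):
    """Return {attribute: percent-decoded bytes} for an RFC 7512 pkcs11: URI."""
    if not uri.startswith("pkcs11:"):
        raise ValueError("not a pkcs11: URI")
    # Path attributes are separated by ';', query attributes (after '?') by '&'.
    path, _, query = uri[len("pkcs11:"):].partition("?")
    attrs = {}
    for part in path.split(";") + query.split("&"):
        if part:
            name, _, value = part.partition("=")
            attrs[name] = unquote_to_bytes(value)
    return attrs


def lint_network_block(conf_text):
    """Hypothetical helper: return (uri_attributes, findings) for the private_key entry."""
    match = re.search(r'^\s*private_key="([^"]*)"', conf_text, re.M)
    if not match:
        return None, ["no private_key entry"]
    if not match.group(1).startswith("pkcs11:"):
        return None, ["private_key is not a pkcs11: URI, so the key is not read from the token"]
    attrs = parse_pkcs11_uri(match.group(1))
    findings = []
    if attrs.get("type") != b"private":
        findings.append("URI does not select type=private")
    if "id" not in attrs and "object" not in attrs:
        findings.append("URI has neither id nor object, key selection is ambiguous")
    if "pin-value" in attrs:
        findings.append("user PIN is stored in clear text in the config (pin-value)")
    return attrs, findings


if __name__ == "__main__":
    attrs, findings = lint_network_block(SAMPLE_CONF)
    print("key id:", attrs["id"].decode())
    for finding in findings:
        print("finding:", finding)
```

If the PIN has to stay in the file, keep `wpa_supplicant.conf` readable by root only.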

Resources

https://tpm2-software.github.io/

https://github.com/tpm2-software/tpm2-pkcs11/blob/master/tools/tpm2_ptool.py