Absicherung NFS

From
Revision as of 14:35, 4 October 2022 by Haussknl (talk | contribs)
Jump to navigation Jump to search

Absicherung NFS

Plan

Step 1: Authentifizierung mit 802.1x. 1x Switch, 1x Client und 1x RADIUS Server

Step 2: CSR in TPM generieren oder Zertifikat mit Schluessel importieren.

Step 3: Zertifikat aus TPM fuer 802.1x verwenden.


Implementierung

cat > wpa_supplicant.conf <<EOF network={

   ssid="SSID"
   key_mgmt=WPA-EAP
   eap=TLS
   identity="testing"
   ca_cert="/etc/pki/SSID/ca.pem"
   client_cert="/etc/pki/SSID/client.crt"
   private_key="pkcs11:model=Intel;manufacturer=Intel;serial=0000000000000000;token=label;id=%32%62%37%30%65%62%36%32%66%33%32%62%31%63%65%37;object=0;type=private;pin-value=userpin"

} EOF


Ressourcen

https://tpm2-software.github.io/

https://github.com/tpm2-software/tpm2-pkcs11/blob/master/tools/tpm2_ptool.py