Tech Updates by David Whiteside

Share this post

Using a SmartCard, PIV, or CAC (Common Access Card) with Ansible

davidwhiteside.substack.com

Discover more from Tech Updates by David Whiteside

Follow along with updates about software, cloud, HPC, security, DevOPs, and more.
Continue reading
Sign in

Using a SmartCard, PIV, or CAC (Common Access Card) with Ansible

David Whiteside
Jul 1, 2022
Share this post

Using a SmartCard, PIV, or CAC (Common Access Card) with Ansible

davidwhiteside.substack.com
Share

As part of the Ansible 2.12 release, pkcs11/smartcards are now supported by Ansible. Now you can use smartcards and other devices that support pkcs11 (Yubikey) to configure systems with Ansible.

Setup your middleware for pkcs11, below is how to install opensc on a Mac using homebrew
$ brew install opensc

To use pkcs11 for authentication set the ANSIBLE_PKCS11_PROVIDER environment variable
$ export ANSIBLE_PKCS11_PROVIDER=/usr/local/lib/opensc-pkcs11.so
$ ansible-playbook -u USERNAME -b -k -K PLAYBOOK.yml --connection=ssh
SSH password: << Enter your PKCS11 Pin for your smartcard
SUDO password[defaults to SSH password]: << Enter your user account password for sudo

For more details see the feature PR.

Share this post

Using a SmartCard, PIV, or CAC (Common Access Card) with Ansible

davidwhiteside.substack.com
Share
Comments
Top
New

No posts

Ready for more?

© 2023 David Whiteside
Privacy ∙ Terms ∙ Collection notice
Start WritingGet the app
Substack is the home for great writing