Hi folks, new to Bluefin. I’m trying to understand the options for adding smart card support to a fresh install.
Specifically, my employer issues Yubikeys configured as smart cards, and we use them to authenticate to a Citrix gateway via a browser.
On a vanilla Fedora install, I can install the pkcs11 libraries on the system, and reference the .so in Firefox’s settings. Trying to think through my options to do this on a ublue system?
I’ve seen the documentation at Installing and Managing Applications - Bazzite Documentation and it makes me think it would be preferred to create a new distrobox with a separate Firefox + pkcs11 install. This initially seems like overkill, when I have a perfectly good system Firefox sitting right there, and could add the pkcs11 lib via rpm-ostree. Am I thinking about this the right way? Are there other options I should be considering?
Hi,
I’m also using Yubikeys with the Brave browser, everything is installed in the base system so no modification is needed.
If you use the yubico authenticator, the beta version of the flatpak must be installed to work.
KR
Ferenc
I’m guessing your Yubikeys are configured differently, possibly using WebAuthn/FIDO2. I installed Brave but got a similar failure when I tried to use it as a smart card.
Barring nothing else, I’m leaning towards going with a pet container with Firefox + smart card software. Isolating all my work software to a separate runtime is likely better data hygiene anyhow.
I made some progress with this today. The distrobox wasn’t working with my smart card, but it turns out the host already had opensc installed, so I installed an AppImage of Firefox, which could load /usr/lib64/opensc-pkcs11.so successfully.
I’m still fighting with my next hurdle (launching an RDP session with smart card passthrough) but it feels good making some progress here. And given how fast the AppImage launches I don’t feel too bad about having a separate Firefox install specifically for this purpose.