1

I have a Windows Vista machine which has a USB eToken Pro plugged into it. The eToken is used to control access to a development version of our product's web interface.

Most of the time I sit directly at the Vista machine, but about twice a week I connect to it (the machine, not the web interface) using rdesktop from an Ubuntu machine.

When I connect using RDP, the eToken doesn't show up on the remote machine, even though it is still plugged in (the eToken never leaves that machine). It is obviously looking for the eToken on the client machine.

Is there a way to either:

  • configure the eToken software or Vista to always look on the Vista machine?; or
  • configure the rdesktop client to tell the Vista machine to look at its own USB ports rather than the Ubuntu machine's?

The only other option is to take the token with me and get the eToken to work from Linux, but I would rather avoid that (yes, I know that is precisely the point of eToken, but I am only logging into a development system, it's not live or anything, and stupidly I don't need the token to see the backing database!).

My current workaround is to log out of RDP, tell a colleague to log in to my machine and the website using my credentials, and then to lock the machine. I then log in again using RDP and it all works fine.

Rich
  • 1,333
  • 5
  • 27
  • 39

1 Answers1

1

Yes, it's certainly possible. It has worked OOTB for Windows-to-Windows RDP sessions as long as I remember. However Linux support requires a little bit of hoop jumping.

Do you have the token functioning under Ubuntu already? If so, skip the first step.

  1. eToken support under Linux is provided by OpenSC. PKCS#15 is the standard for communicating with smartcards, but Aladdin's own software predates this slightly and isn't compatible. To solve this you either need to format a suitably sized token with two personalties or use separate tokens for each OS. Obviously you'll need to ensure that each have the relevant certificates imported.

  2. rdesktop has had OpenSC support since 1.5.0. Once you have OpenSC up and working you'll just need to ensure that rdesktop is ./configure'd with the flag --enable-smartcard.

You'll find these two pages useful for additional information:

Dan Carley
  • 25,189
  • 5
  • 52
  • 70
  • Thanks - in an ideal world I would like to avoid moving the key, especially if the other solution means a token with two personalities or two tokens. – Rich Mar 11 '10 at 14:43