Enabling Smart Card Support on the MATE Desktop Environment

Introduction

Smart cards add an additional layer of authentication to your Linux system. Smart cards have the benefit of being a physical device, that (generally speaking with some exceptions) cannot be reprogrammed once the private keys have been inserted.

This article will go over how to setup smart card authentication on the MATE desktop environment. The article assumes that the user has a Yubikey / other form of smart card available and has knowledge of setting up a smart card on GNOME. The following method requires the installation of the GNOME desktop environment.

Problem

You are running Rocky Linux in an enterprise environment, with workstations that have the MATE desktop environment installed on them. You want to add an additional layer of security, by making sure all employees log in using their smart card.

Resolution

Set up a Rocky Linux 9 System with the MATE desktop. The pre-built Desktop/Workstation Live Image is a good option for a smooth install experience.

The GDM lock screen from the GNOME desktop environment is needed for the smart card authentication process. The easiest way to obtain GDM (and the GNOME desktop environment as well) is to install the Workstation group package with:

dnf group install "Workstation"

• Then enable the GDM service with:

systemctl enable gdm --force

• After that, reboot the machine and the GDM login manager will appear.

• Log into GNOME and configure your smart card.

• Once done, log back out to the GDM login manager.

• Click the little cog icon in the bottom right-hand corner, select the MATE option, enter your password, and continue to log in from there.

• To lock your session, run the command below. This will switch the current MATE session to the GDM lock screen:

gdmflexiserver -ls

References & related articles

Ubuntu MATE Forums - Setup and Locking/Unlocking MATE With a Smart Card