[gdm-list] Re: Biometric Login

From: Martin Paljak <martin paljak pri ee>
To: Bob Doolittle <Robert Doolittle Sun COM>
Cc: gdm sunsite dk
Subject: [gdm-list] Re: Biometric Login
Date: Mon, 22 Aug 2005 10:20:10 +0300

On Sat, Aug 13, 2005 at 06:05:55PM -0400, Bob Doolittle wrote:
> PLEASE do this via PAM, that's what it's designed for.
> Then it will work for any greeter, not just gdm (wonderful
> though we feel it is :-).
That's the theory. PAM does nt work very well (AFAIK) in some scenarios that
actually do matter.
> 
> This is how the commercial companies do it - AC Technology
> (who have fingerprint scanners) and Schlumberger/ActiveCard (for
> smartcards).
For example PAM still wants some user interaction like 'give me a username'.
The way smartcard world very often wants this - insert the card, wait for the pin
prompt (or a notice 'please enter your pin on the pinpad') and maybe a selection
of accounts/roles available. Also one can not detect the insertion of the card with a simple and logical
selfcontained pam module.


> PAM has its limitations - you have to live within the GUI bounds
> provided by the PAM client (e.g. gdm), but if you can live with primarily
> textual prompts, displayed by the GUI, the benefits far outweigh the
> limitations.
Taking the 'speciality' of such technologies (biometrics, smartcards) it 
does deserve some special attention to see HOW to best us them - not just
'well, i guess it can be done like this, it seems to be similar in spirit'.

It is not that simple to tell people that 'hey, when using smartcards then pin
is NOT something like a password that the application asks and then sends to the card'. 

So for some more advanced and userfriendly usages one has to think about new ways of doing things.

> 
> We should avoid the temptation to stuff more gratuitous stuff into gdm,
> it's rather "feature rich" as it is ;-).  Modular is better, 
> particularly when
> that enhances interoperability of your work.


It would not hurt to think about the 'other' authentication methods and what kind
of user interaction is needed and maybe 'help' a bit from gdm  side.

peace,
m.
-- 
martin paljak
martin paljak pri ee
martin.paljak.pri.ee
+372.5156495

References:
- Biometric Login
  - From: Mike Ross
- Re: Biometric Login
  - From: Bob Doolittle

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]