Re: [gdm-list] My questions
- From: "Philippe C. Martin" <pmartin snakecard com>
- To: Brian Cameron <Brian Cameron Sun COM>
- Cc: gdm-list gnome org
- Subject: Re: [gdm-list] My questions
- Date: Tue, 4 Oct 2005 19:56:57 +0000
Brian,
Thank you!
Yet my questions are not related to smart cards in the sense that I've already
covered all of my issues (but one) with smart cards under GNU/Linux.
I came here as a gdm newbie though, as all of my smart card applications
support GNU/Linux except for one: how to use my cards to logon to an
Xsession.
Under Windows I had two ways: write a CSP (plugin) and hookup to the original
GINA, or rewrite the GINA (although the CSP is about to disappear, I am not
certain my solution "rewrite" the GINA was the most intelligent one ... yet
it works)
I am looking for my options under GNU/Linux and feel I am basically in front
of the same problem:
1) use any type of extension current logon program (gdm, kdm, xdm .....)
have .... if they do!
2) hack or rewrite one of them :-(
3) add what is necessary to #1 to do something clean
I assume you guys who worked on gdm can tell me whether there are "hooks"
available to add my "plugin", or where it is I should create those hooks and
integrate them into gdm so:
1) the basic plugin hook system would be GPL (source in gdm)
2) other vendors could hook up easily to #1 - i want to promote GNU/Linux here
3) the vendors that need to hide some crypto in their attached modules (that
is my case) would not have to release the code (ex: shared library of some
sort).
If that's OK, I'll try to describe my problem by explaining how I rewrote GINA
- I will not bother you with details but sometimes my questions do need
rephrasing ;-)
*******************************
0) "winlogon" is a windows process that "talks" to the gina installed
1.a ) In logged-out state, users can press ctrl-alt-del to access the usual
windows login dialog ===> winlogon sends a ctrl-atl-del to the gina which
pops-up a dialog box with three fields: username, password, domain: the gina
just passes that info to windows to start a new session
1.b) In logged-out state, users can insert a smart card === winlogon, sends a
smart card inserted event to the GINA which: recognizes the card, pops-up a
dialog with one field "PIN code", fetches that field, gives it to the card,
and if OK grabs the username, password and domain from the card and launches
a windows session.
2+) in logged-in state, the events can also be ctrl-alt-del wich trigger
loggoff or shutdown or ..... or card removal which triggers a screen lock.
3) the screen-lock state also has a new popup: insert card to reenter the
session, or be able to logoff/shutdown/reboot ...
*******************************
I am not saying this is the right way to do it or that I want to do it that
way, my question is more:
1) can this (or something like this) be done somehow in the current gdm
architecture ?
2) how or rather where :-)
I feel hacking gdm would be a crying shame, and I would be ready to add
whatever is necessary to make the above possible while staying GPL and
protecting my rypto/proprietary issues.
Quid ?
Thanks again and regards,
Philippe
On Tuesday 04 October 2005 07:09 pm, Brian Cameron wrote:
> Philippe:
> > I have asked a few questions in this ng and have yet to receive any
> > answer, is it that my questions are irrelevant, stupid, or is this not
> > the correct ng to ask them ?
> >
> > If the latter is correct, please let me know and I will stop polluting
> > this list.
>
> I believe you are asking about your recent questions about SmartCard usage.
> The gdm-list is not a bad place to ask questions about this topic since
> SmartCards do relate to the gdm login program. At any rate, I don't feel
> you are polluting the list.
>
> If nobody is responding to your questions, this may simply mean that
> nobody on the list knows the answers to your questions. You might try
> some forums where SmartCard is discussed more specifically. I don't
> really know where to point you, but a quick Google search brought up
> a few ideas:
>
> http://www.linuxnet.com/list.html
> http://www.opencard.org/
>
> You might try Google too. Sorry I am not more help.
>
> Brian
--
*************************************
Philippe C. Martin
SnakeCard, LLC
www.snakecard.com
+1 405 694 8098
*************************************
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]