Re: [gdm-list] adding a command to externaly fill the username field



Bob Doolittle wrote:

Do you have some kind of mixed population where some people are
logging in with smartcards and some not? That's not what Phillipe
was asking for. It's trickier - usually you want to use one kind of
authentication or another so you know what you need to do and
just do it.


Also note that allowing password authentication dilutes
the security model offered by the smartcards.  The
smartcards offer what some folks call "Two factor authentication",
or "Something you have, and something you know" (the smartcard,
and the PIN).  The password is just "One factor" (something you
know).  So allowing both forms of authentication really throws
away much of the value of the smartcard security model.  Unless
you also carry the security model to the desktop apps you allow
the user to run (i.e. some apps can only be run by people who
logged in using a smartcard), but that's much more difficult to
get right.

-Bob



