Re: [gdm-list] adding a command to externaly fill the username field
- From: Bob Doolittle <Robert Doolittle Sun COM>
- To: syrius ml no-log org
- Cc: gdm-list gnome org
- Subject: Re: [gdm-list] adding a command to externaly fill the username field
- Date: Sun, 29 Jan 2006 15:09:35 -0500
Bob Doolittle wrote:
Do you have some
kind of mixed population where some people are
logging in with smartcards and some not? That's
not what Phillipe was asking for. It's trickier -
usually you want to use one kind of authentication
or another so you know what you need to do and
just do it.
Also note that allowing password authentication dilutes
the security model offered by the smartcards. The
smartcards offer what some folks call "Two factor authentication",
or "Something you have, and something you know" (the smartcard,
and the PIN). The password is just "One factor" (something you
know). So allowing both forms of authentication really throws
away much of the value of the smartcard security model. Unless
you also carry the security model to the desktop apps you allow
the user to run (i.e. some apps can only be run by people who
logged in using a smartcard), but that's much more difficult to
get right.
-Bob
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]