[gdm-list] Smart Card login



Hi Brian,

I'm currently working on part of a FC6/RHEL5 feature to add smart card
authentication to the desktop.  In particular, for login, we are going
to be using the pam_pkcs11 pam module and coolkey pkcs11 driver.

The basic idea behind it is, each security token (smart card) contains
a signed certificate identifying the user who owns the card.  The
certificate is protected by an alphanumeric PIN code.  At login time,
instead of entering a username and password, the user would enter the
PIN code to unlock the card.  The certificate on the card contains
some metadata including a Unix username to map the card to a user
account on the system.

I was wondering if Sun has done anything like this in the past?

One thing I'd like to get into GDM would be the ability to detect when
a security token is inserted or removed from the system to restart the
PAM authentication process (so for instance, if someone is sitting at
the login screen and they insert their smart card, it would switch
from asking for a username to asking for a PIN).  Would you accept a
patch to optionally compile in support for that ability?

Another thing I'd like to do is rework some of the PAM code and add
btmp logging and (linux) auditing support.  I'll post another mail
with more details on that later.

--Ray
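
The prompt switching proposed in the message above, modelled as a small state machine. This is an added example, not part of the original mail and not GDM code; every type and function name in it is hypothetical, and token detection and the PAM calls themselves are assumed to live elsewhere.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical model of the greeter; none of these names come from GDM. */
typedef enum { PROMPT_USERNAME, PROMPT_PIN } prompt_t;
typedef enum { EV_TOKEN_INSERTED, EV_TOKEN_REMOVED, EV_KEY } event_t;
typedef struct {
    prompt_t prompt;
    bool     token_present;
    unsigned restarts;      /* times the PAM conversation was restarted */
    char     input[64];     /* text typed at the current prompt */
    size_t   len;
} greeter_t;

/* Assumption: a real greeter would also call pam_end()/pam_start() here. */
static void restart_conversation(greeter_t *g) {
    /* Wipe typed text so a half-entered PIN is never sent as a username. */
    memset(g->input, 0, sizeof g->input);
    g->len = 0;
    g->prompt = g->token_present ? PROMPT_PIN : PROMPT_USERNAME;
    g->restarts++;
}

void greeter_init(greeter_t *g) {
    memset(g, 0, sizeof *g);
    g->prompt = PROMPT_USERNAME;
}

/* Returns true when the event restarted the conversation. */
bool greeter_handle(greeter_t *g, event_t ev, char key) {
    bool inserted = (ev == EV_TOKEN_INSERTED);
    if (ev == EV_KEY) {
        if (g->len + 1 < sizeof g->input) g->input[g->len++] = key;
        return false;
    }
    if (g->token_present == inserted) return false;  /* duplicate event */
    g->token_present = inserted;
    restart_conversation(g);
    return true;
}

int main(void) {
    greeter_t g;
    greeter_init(&g);
    greeter_handle(&g, EV_KEY, 'r');           /* user starts typing a name */
    greeter_handle(&g, EV_TOKEN_INSERTED, 0);  /* card goes in mid-entry */
    printf("prompt=%s buffered=%zu\n", g.prompt == PROMPT_PIN ? "PIN" : "username", g.len);
    return 0;
}
```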


