Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
Re: [Muscle] smart card logon to remote shares
From: Bruce Barnett (muscle040302grymoire.com)
Date: Wed Oct 13 2004 - 07:48:27 CDT
> 2.- Use remote authentication onto a server using cryptographic
> capabilities of the card (kerberos or something like that). Single signon.
Or use the mechanism used in openssh-mcard-3.5p1 where the remote
system sends a challange to the ssh-agent, which forwards it to the
card. The card signs it with the private key, and returns it to the
agent, which returns it top the remote host. The remote host verifies
it using the public key.
when you use ssh, as long as the card is in the reader, you can log onto the remote
system without a password.
Getting it to work with remote mounting of file shares is possible,
but I have no idea about the difficulty.
You still need to tell the ssh-agent the PIN number you use. But that can be once per session...
Muscle mailing list