Re: [Muscle] SCLOGON 0.1 Smart Card event daemon for GNU/Linux

From: Philippe C. Martin (pmartinsnakecard.com)
Date: Mon Nov 07 2005 - 08:00:05 CST


On Monday 07 November 2005 12:37 pm, Ludovic Rousseau wrote:

>
> That's an interesting project. How do you plan to integrate it in gdm
> for example?
> Will it be like on Windows: gdm asks for the PIN as soon as you insert
> a smart card in a reader (without asking for the login first)?
>
> I did not know that gdm, kdm, ... had a support for plug ins.
>
My experience is with the GINA technology (Windows), so my daemon somewhat
represents the winlogon service sending smart card insertion and removal
events to the GINA (gdm?) - then a "pin" dialog box appears if a card is
inserted, replaced by a regular dialog box if the card is removed prior to
login.

Once logged in, removing the card locks the screen.

Windows has two ways of doing that:
1) CSP: plugins that register themselves and get called by the original GINA
(those are about to disappear)
2) rewriting the GINA (that was my choice) ... but I'm not sure it was the
best one.

I have been talking with the gdm people and I understand that adding such a
feature would require revamping their code. I'm also looking at xdm and the
issues are the same ... I think.

So I'm also looking at rewriting a complete logon manager (my best bet I
think) with that architecture in mind.

Looking at gdm and xdm (written in C), it seems a _lot_ of the code is
"utility-oriented", e.g. string management. So I'm seriously thinking of using
a scripting language (I'm partial to Python) to simplify matters.

I am currently looking at non-X509 solutions: my card applications simply
check the pin code and return the password, username, domain. So there is no
certificate signature going on. Assuming I make it, I would hate for my
architecture to not represent other needs such as X509 support: I will keep
MUSCLE posted and have no problem with this becoming a MUSCLE project.

> Please continue.
I will

Regards,

Philippe

>
> --
> Dr. Ludovic Rousseau
> For private mail use ludovic.rousseaufree.fr and not "big brother" Google
>
> _______________________________________________
> Muscle mailing list
> Musclelists.musclecard.com
> http://lists.drizzle.com/mailman/listinfo/muscle

--
*************************************
Philippe C. Martin
SnakeCard, LLC
www.snakecard.com
*************************************
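
The event flow described in this message (card inserted: PIN dialog; card removed before login: regular dialog; card removed after login: screen lock), sketched as a small state machine. This is an added example, not part of the original message and not SCLOGON code; the class, method and state names are hypothetical, and `demo_card` is a constructed stand-in for the card application that checks the PIN and returns username, password and domain.

```python
from enum import Enum, auto

class State(Enum):
    LOGIN_DIALOG = auto()  # regular login dialog, no card present
    PIN_DIALOG = auto()    # card present, waiting for the PIN
    SESSION = auto()       # user logged in, card still in the reader
    LOCKED = auto()        # card pulled during a session

class LogonManager:
    """Hypothetical logon manager fed by the daemon's card events."""

    def __init__(self, card_check_pin):
        # card_check_pin(pin) stands in for the card application: it returns
        # (username, password, domain) when the PIN is right, else None.
        self.card_check_pin = card_check_pin
        self.state = State.LOGIN_DIALOG
        self.user = None

    def on_card_inserted(self):
        if self.state is State.LOGIN_DIALOG:
            self.state = State.PIN_DIALOG
        # LOCKED: the message does not describe unlocking, so stay locked.
        # PIN_DIALOG / SESSION: duplicate insert event, ignored.
        return self.state

    def on_card_removed(self):
        if self.state is State.PIN_DIALOG:
            self.state = State.LOGIN_DIALOG  # removed prior to login
        elif self.state is State.SESSION:
            self.state = State.LOCKED        # removed once logged in
        return self.state

    def on_pin_entered(self, pin):
        # A PIN that arrives after the card was pulled must not log anyone in.
        if self.state is not State.PIN_DIALOG:
            return self.state
        creds = self.card_check_pin(pin)
        if creds is not None:
            self.user = creds[0]
            self.state = State.SESSION
        return self.state            # wrong PIN: stay on the PIN dialog

def demo_card(pin):
    # Constructed sample card: PIN and credentials are made up.
    return ("alice", "s3cret", "EXAMPLE") if pin == "1234" else None
```
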