Re: [Muscle] libpam-musclecard

From: Peter Williams (home_pwmsn.com)
Date: Sat Nov 19 2005 - 12:43:14 CST


so, this is the same model as an EMV card, in SDA mode, as recently
installed throughout the UK: check that an issuer's issuing-time signature
on a presented card can be re-validated today by an offline, trusted
host/reader with a trusted store of IA signature validation keys.

Given musclecards have an ext-auth process (which approximates to the EMV's
DDA mode), why cannot we go one step further, and have the host mutually
authenticate to the card, using a secret ext-auth key that is handled at the
same sensitivity level as the current IA verification keys (plus
confidentiality, obviously)?

>From: Matthias Barmeier <barmeierbarmeier.com>
>Reply-To: MUSCLE <musclelists.musclecard.com>
>To: MUSCLE <musclelists.musclecard.com>
>Subject: Re: [Muscle] libpam-musclecard
>Date: Fri, 18 Nov 2005 10:24:41 +0100
>
>Hi,
>
>Sorry, for the last mail but the README in the Debian package
>libpam-musclecard has
>an incomplete configuration chapter. The chapter ends with:
>--snip--
>1. UserCert - the module will look in ~/.muscle/user.cert for the
> certificate.
>2. RootCert - the module will retrieve the certificate from the smartcard
> and validate the signature by looking at the RootCA's
> certificate in /etc/root.cert. It will also check that the
> username corresponds to the username in the certificate.
>--snip--
>
>After loading and extracting the MusclePAM.zip from your source I have
>a more complete configuration instruction.
>
>
>Thanx a lot.
>
>Ciao
> Matthias
>
>Karsten Ohme wrote:
>
> >Matthias Barmeier wrote:
> >
> >
> >>Hi again,
> >>
> >>does anyone out there have a link to a step-by-step guide
> >>from having a working muscle card to a working gdm/kdm/?dm login
> >>with that card ???
> >>
> >>
> >
> >Is the README in MusclePAM not enough?
> >
> >By the way, the root cert option is not working with this, because a
> >tool was missing to generate a certificate signing request. If you need
> >this, then look at the version at:
> >
> >http://web.inf.tu-dresden.de/~ko189283/MuscleCard/
> >
> >file PAMCardInit, but the other stuff is also a bit different, but
> >should compile against libmusclecard, although PIN pad support will be
> >missing. Everything should be built by running "make" with the contained
> >Makefile (At the moment there is no correct autoconf/automake build
> >files contained.).
> >
> >Karsten
> >
> >
> >
> >>Ciao
> >> Matthias
> >>_______________________________________________
> >>Muscle mailing list
> >>Musclelists.musclecard.com
> >>http://lists.drizzle.com/mailman/listinfo/muscle
> >>
> >>
> >
> >
> >
> >
> >
>

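The host-to-card ext-auth step asked about in the message above, with the card answering a host challenge in return, sketched as an added example (not code from the thread, MusclePAM or libmusclecard). `SimCard`, `auth_mac`, the direction labels and the three-try limit are assumptions made for illustration, and HMAC-SHA256 stands in for whatever algorithm the card's ext-auth actually uses.

```python
import hashlib
import hmac
import secrets

def auth_mac(key: bytes, direction: bytes, challenge: bytes) -> bytes:
    # Assumption: HMAC-SHA256 as the response function. The direction label
    # keeps a card-side answer from being reflected back as a host-side one.
    return hmac.new(key, direction + challenge, hashlib.sha256).digest()

class SimCard:
    """Constructed stand-in for a card holding a secret ext-auth key."""

    def __init__(self, ext_auth_key: bytes, max_tries: int = 3):
        self._key = ext_auth_key
        self._max_tries = self._tries_left = max_tries
        self._challenge = None
        self.host_authenticated = False

    def get_challenge(self) -> bytes:
        self._challenge = secrets.token_bytes(8)
        return self._challenge

    def external_authenticate(self, response: bytes) -> bool:
        """Host proves to the card that it knows the ext-auth key."""
        if self._challenge is None or self._tries_left == 0:
            return False  # no fresh challenge outstanding, or key blocked
        challenge, self._challenge = self._challenge, None  # single use
        ok = hmac.compare_digest(auth_mac(self._key, b"host", challenge), response)
        self._tries_left = self._max_tries if ok else self._tries_left - 1
        self.host_authenticated = ok
        return ok

    def internal_authenticate(self, host_challenge: bytes) -> bytes:
        """Card proves to the host that it knows the same key."""
        return auth_mac(self._key, b"card", host_challenge)

def mutual_authenticate(card: SimCard, host_key: bytes) -> bool:
    # Host -> card (ext-auth) first, then card -> host, each on a fresh nonce.
    answer = auth_mac(host_key, b"host", card.get_challenge())
    if not card.external_authenticate(answer):
        return False
    nonce = secrets.token_bytes(8)
    return hmac.compare_digest(card.internal_authenticate(nonce),
                               auth_mac(host_key, b"card", nonce))
```

Unlike the static issuer-signature check, a response captured from one run is useless against the next challenge, which is why the host-side key needs confidentiality as well as integrity.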