[Muscle] sunray170 smartcard dtlogin authentication
Odin Ifrit
odin_dark at yahoo.com.mx
Sun Sep 30 21:19:41 PDT 2007
Thanks a lot, I've downloaded the PCSC bypass for solaris and I'm begining to understand PAM development, I'm following this article
http://72.5.124.65/solaris/articles/user_auth_solaris2.html (see also part1 and 3)
I just want to know if I'm looking in the correct way and I'd appreciate if you can tell me how to implement the smartcard authentication there.
I use the SolarisAuthApplet on the smartcard payflex, so I need to grab the user, pwd and PIN from there, and ask user for the PIN and then authenticate, in this part I cannot figure out how to do it..
Can you give just a small example of how to achieve this?
I really appreciate your help guys, you're awesome!
----- Mensaje original ----
De: "lamo at ccs.ru" <lamo at ccs.ru>
Para: MUSCLE <muscle at lists.musclecard.com>
Enviado: viernes, 28 de septiembre, 2007 3:08:56
Asunto: Re: [Muscle] sunray170 smartcard dtlogin authentication
of course, mispelled again:) PCSC bypass and custom pam module.
You also have to plan how user/pass (or smth else in case you have
custom auth scheme) will be stored on your card and based on that write
the pam module.
It's all up to you. Do whatever suits your needs:)
Consider also security risks when designing.
Best regards,
alexz.
lamo at ccs.ru wrote:
> Odin Ifrit wrote:
>> Hello all!,
>> I have a some sunray 170 terminals connected to a sunfire server running
>> solaris10 and SRSS (Sun Ray Server Software) v4 and some payflex smartcards.
>> I want the smartcard to be required on the dtlogin authentication , I
>> mean the dtlogin to say "please insert your smartcard" and then you
>> insert it, then dtlogin grabs user and pwd from card (previously loaded
>> with solarisAuthApplet) and asks for PIN, if PIN is correct then user
>> can login.
>>
>> That is the behavior I want, I did it on a sunblade1500 but I've been
>> told that it cannot be done on sunray the same way I did it on blade, It
>> seems that I need middleware software. My question is can I accomplish
>> the behavior I want (or something similar, I mean maybe there is some
>> solution that doesn't require dtlogin, i don't know) using some of your
>> software or if you can provide me some tutorial of how to do it, or if
>> it's necessary I can write code but I need orientation, where to start
>> looking.
>> I really appreciate your help guys! I'll provide anything necessary to
>> accomplish this, thanks!!!
>>
>> ------------------------------------------------------------------------
>>
>> ¡Sé un mejor ambientalista!
>> Encuentra consejos para cuidar el lugar donde vivimos en:
>> http://mx.yahoo.com/promos/mejorambientalista.html
>>
>>
>> ------------------------------------------------------------------------
>>
>> _______________________________________________
>> Muscle mailing list
>> Muscle at lists.musclecard.com
>> http://lists.drizzle.com/mailman/listinfo/muscle
>
> Hi Odin,
> It can be done with custom pam module and sun's pcsclite software ( PSCS
> bypass).
>
> Best regards,
> alexz.
> _______________________________________________
> Muscle mailing list
> Muscle at lists.musclecard.com
> http://lists.drizzle.com/mailman/listinfo/muscle
>
_______________________________________________
Muscle mailing list
Muscle at lists.musclecard.com
http://lists.drizzle.com/mailman/listinfo/muscle
____________________________________________________________________________________
¡Sé un mejor fotógrafo!
Perfecciona tu técnica y encuentra las mejores fotos.
http://mx.yahoo.com/promos/mejorfotografo.html
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.drizzle.com/pipermail/muscle/attachments/20070930/161c4add/attachment.html
More information about the Muscle
mailing list