Nicolas Williams wrote: > On Tue, Oct 07, 2008 at 04:37:58PM -0500, Douglas E. Engert wrote: >> The smart card reader (I am using a USB reader) is similar to the kbd, mouse >> screen, speakers, microphone, dvd, and other locally attached USB devices. >> They should be usable only by the console user. So what would it take >> to add the smart card reader to this list of devices? > > First, Solaris supports a notion of multiple seats, including remote > seats (e.g., via Sun Ray). > > Second, the smartcard needs to be accessible during authentication. > That is, before we know who the console user is. > >> Login type functions like pam_krb5, pam_pkcs11, and kinit >> with PKINIT could tell libpkcs11 to include local reader devices. > > Sure. How? That is, via what PKCS#11 interface? (I'm not a PKCS#11 > expert; apologies if there's something obvious.)
I don't think this is a PKCS#11 layer problem. It is in my opinion a PC/SC problem or USB layer problem. I believe that there is already some support in pcscd for Sun Ray (or will be soon) to solve similar issues. -- Darren J Moffat
