Technically speaking you should code a login application that make use of proper challenge-response authentication with the smart card i.e. it sends a challenge (random number) encrypted with the user's public key (read DN-field in the X.509v3 certificate to identify claimed identity) and if the card is able to return the correct response (the same random number in unencrypted form the user is authenticated. (i.e. he has been able to decrypt the challenge using his private key and PIN-code.)
How this could be implemented would propably be a reimplementation of 'login' with only smart card login support so that if the aforementioned chall-resp-auth was valid the sclogin-program spawns a shell with the users credentials and passes the terminal connection over to that shell. Cheers, Raymond ----- Original Message ----- From: <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, September 18, 2002 10:50 AM Subject: [Muscle] login locally in Linux using smartcard > Hi All.... > > I want to enable Linux to login locally or LTSP with smartcard. But first > i will try to login locally. Getty always prompt the login prompt and all > the processes next will be sent to login program. > > I think i will create one daemon that run before getty run, and then if my > daemon found that smartcard is inserted, then the daemon pass the > information stored in it (username, password, ,,,) to login program. > > But sadly said, the login program doesnt have password parameter to supply. > > What do you think ? I think i will need to modify login program, so it can > accept the username and password parameter on the fly. It will accept from > my daemon. > > Any opinion ? > > > _______________________________________________ > Muscle mailing list > [EMAIL PROTECTED] > http://lists.musclecard.com/mailman/listinfo/muscle > _______________________________________________ Muscle mailing list [EMAIL PROTECTED] http://lists.musclecard.com/mailman/listinfo/muscle
