Hello all,
I have a question about the MusclePAM framework, and am requesting feedback/comments on a possible scenario.

First, it seems there is a typo in the MuscleCard PKCS#11 Framework Sources (muscleframework-1.1.3\MusclePAM): the README refers to a configuration file /etc/pamsmartcrc; preferences.c, in function util_ReadPreferences(), refers to pam-muscle.conf; there exists a sample pam-muscle.conf in the directory. I'm guessing the README just needs to be updated.

------------------

I am looking at using method #2 for MusclePAM to authenticate a user at a kiosk. The idea is the user inserts her card, all the magic is performed by MusclePAM, and eventually an X session begins with a restricted Mozilla browser running.

Here's the question: what magic needs to occur for hooks to be inserted in the module to allow switching a user's identity after successful authentication? I'm reading up on Linux-PAM [1] right now, and it may click after a bit, but I've never worked with Linux-PAM nor MusclePAM, so that click may take a while :-)

I want that X session and Mozilla browser to run under the context of an anonymous user, e.g. nobody. The certificate e-mail address and PIN would be unique for each user, but the session at the kiosk would be generic.

Initial candidates for the hooks seem to be in a couple of areas:

--) struct preferences, function util_ParsePreference, and any related code to make the user name configurable.
--) pam_sm_authenticate, by performing a pam_set_item to PAM_USER at the end of the function.
--) pam_sm_chauthtok does a pam_get_user, but I don't see where it is used for the PIN changing, so maybe nothing here.

I'm sure I'm missing some more, since I see some comparisons between the e-mail address and sd->user, and I don't know if that's going to be an issue if the card is removed and reinserted. Also, I haven't looked at the PKCS#11 stuff yet, so I don't know what calamities I'm creating for myself.

Feedback?

TIA,
Jon

[1] http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html

_______________________________________________
Muscle mailing list
[EMAIL PROTECTED]
http://lists.musclecard.com/mailman/listinfo/muscle
