Hi everyone! I wrote a smartcard PAM module similar to muscle; it uses the PAM conversation mechanism to get the card PIN. I learned a lot from the muscle smartcard PAM module, thanks to the people who created it.

I tested my module on Fedora Core 2, the PAM version is 0.77-40. The module works fine for `login', `su' and `gdm' together with the PAM system authentication module (the one that uses the /etc/passwd file), but there is a problem with kdm. This is my kdm PAM configuration file (/etc/pam.d/kde); pam_icc.so is my own smartcard PAM module:

    #%PAM-1.0
    auth       required     pam_icc.so
    auth       required     pam_stack.so service=system-auth
    auth       required     pam_nologin.so
    auth       sufficient   pam_timestamp.so
    account    required     pam_stack.so service=system-auth
    password   required     pam_stack.so service=system-auth
    session    required     pam_stack.so service=system-auth
    session    optional     pam_timestamp.so
    session    optional     pam_selinux.so
    session    optional     pam_console.so

I found that the password you input in the login dialog box is used for both "pam_icc.so" and "auth pam_stack.so service=system-auth"; the kdm login dialog box just doesn't prompt for the card PIN and the system password separately. If the card PIN and the system password are the same, then both modules will return PAM_SUCCESS and PAM authentication will succeed, but in the real world it is not a good idea to set our card PINs identical to our system passwords.

I want to solve this problem; I want both modules to work together for kdm. Do I have to modify the source code of kdm (e.g. add another input box to the login dialog box)? Any ideas?

Thank you!

Xu.Hao. Beijing

_______________________________________________
Muscle mailing list
[EMAIL PROTECTED]
http://lists.drizzle.com/mailman/listinfo/muscle
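
The behaviour reported above, modelled as an added example (not code from the post, kdm or Linux-PAM): two `required` modules each send an echo-off prompt to the application's conversation function, first with a conversation that hands back one typed secret for every prompt, then with one that answers each prompt separately. The types, function names and secrets are constructed stand-ins so the file builds without libpam.

```c
#include <string.h>

/* Local stand-ins for the PAM message type and conversation callback. */
#define PROMPT_ECHO_OFF 1
struct msg { int style; const char *text; };
typedef const char *(*conv_fn)(const struct msg *m, void *appdata);

/* Single-field conversation: one secret collected up front and returned
   for every echo-off prompt, whichever module asked. */
static const char *conv_single_field(const struct msg *m, void *appdata) {
    return m->style == PROMPT_ECHO_OFF ? (const char *)appdata : NULL;
}

/* Per-prompt conversation: each prompt gets its own answer. Selecting by
   prompt text stands in for asking the user once per message. */
struct answers { const char *pin; const char *password; };
static const char *conv_per_prompt(const struct msg *m, void *appdata) {
    const struct answers *a = appdata;
    if (m->style != PROMPT_ECHO_OFF) return NULL;
    return strstr(m->text, "PIN") ? a->pin : a->password;
}

/* Two modules, each checking a different constructed secret. */
static int mod_card(conv_fn conv, void *ad) {
    struct msg m = { PROMPT_ECHO_OFF, "Card PIN: " };
    const char *r = conv(&m, ad);
    return r != NULL && strcmp(r, "4821") == 0;
}
static int mod_unix(conv_fn conv, void *ad) {
    struct msg m = { PROMPT_ECHO_OFF, "Password: " };
    const char *r = conv(&m, ad);
    return r != NULL && strcmp(r, "hunter-two") == 0;
}

/* Both entries are "required": the stack passes only if both succeed. */
int auth_stack(conv_fn conv, void *ad) {
    int ok_card = mod_card(conv, ad);
    int ok_unix = mod_unix(conv, ad);
    return ok_card && ok_unix;
}

/* Returns 1 when the whole stack succeeds, 0 otherwise. */
int run_single(const char *typed) {
    return auth_stack(conv_single_field, (void *)typed);
}
int run_per_prompt(const char *pin, const char *pw) {
    struct answers a = { pin, pw };
    return auth_stack(conv_per_prompt, &a);
}
```

With distinct secrets, `run_single` fails whichever one is typed, because the same string reaches both modules; `run_per_prompt("4821", "hunter-two")` succeeds.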
