If anyone is interested, I have a working version of a PAM library that does
authentication with password files stored with Axalto's middleware format.
It is not finished but works for me. The middleware from Axalto stores 2
files in a pcsc card 2000 (username and domain) and 2001 (passwords, locked
with CHV1), both within 3F12.
Right now this little tool simply asks for the PIN (CHV1), gets the first
username (ignoring domain info), gets the first password, and compares them
to data stored in a local file.
Current limitations:
* User info is stored in clear text locally on the system (the file
that contains the info that will be compared against that on the card). A
better approach would be to store a hash of the password, calculate the hash
of the password in the card and compare both hashes.
* Only the first user on the smartcard is authenticated.
Axalto might have created an authentication tool as David says, but I
couldn't find it (it might be more robust than this pam module of mine).
Cheers,
Omar
> David Corcoran wrote:
>
> Yes, you must use the Muscle PKCS#11 module on Windows in order to
> use the Muscle PKCS#11 module on LInux.
>
> You can use ID Ally for Windows - http://www.identityalliance.com.
> It makes use of the Muscle PKCS#11 and provides a CSP which you
> can use similarly to the Schlumberger middleware. If you have to use
> the Schlumberger (now Axalto) middleware, I think at one time
> they had a Linux version ....
>
> Thanks,
> Dave
>
> On May 26, 2005, at 5:46 PM, Geoffrey Elgey wrote:
>
> > G'day,
> >
> > Up to now I've been using Linux to store a key and a certificate on
> > a smart card, and using middleware such as pcsc-lite and the muscle
> > PKCS#11 library to access the authentication data on the card, for
> > use in my Linux-based application.
_______________________________________________
Muscle mailing list
[email protected]
http://lists.drizzle.com/mailman/listinfo/muscle
