On Tuesday 17 October 2006 01:13, Ludovic Rousseau wrote:
> How can you differentiate, at the system level, a local user from a remote
> user?
I don't think you need to distinguish a user at the console from the same user
account coming in over a remote connection. What Mr Engert wants to achieve
is to ensure that when a user logs into the console, only that user account
has access to the smart card. Since the display manager obviously knows who
is logged in at the console, that should be achievable.
The solution I proposed some time ago would have instead made it so that after
one user account connects to the card, no other user account can use the card
without an automatic card reset. That would prevent silent 'sharing' of
secured card-based resources without the need to distinguish local vs remote
users.
Shawn
_______________________________________________
Muscle mailing list
[email protected]
http://lists.drizzle.com/mailman/listinfo/muscle
