On Mon, 2014-01-06 at 10:44 +0100, Ludovic Rousseau wrote:

> I guess you only have PKCS#15 cards with default (known) transport keys.

Indeed.

> >> If you want to prevent a remote user from using a PIN-protected card, the
> >> best is to use a pinpad reader with a firewall. The PIN will only be
> >> entered using the pinpad. Any PIN verification command will be
> >> rejected by the reader firewall.
> >
> > Or I can use polkit :) The latter requires no additional hardware and is
> > already used for access control (to access hard disks) in most systems.
> >
> > In general administrating a system doesn't always imply selection of the
> > authenticating tokens. Typically the tokens are fixed and the
> > administrator tries to make the best use of the system access controls
> > to prevent misuse. In 99% of the cases a smart card is used
> > interactively from the guy sitting on the PC and currently there is no
> > way to enforce that.
> OK. PolKit may solve some problems in some cases.
> My concern is: what default security policy should be provided by pcsc-lite?
> To _not_ break existing systems the default configuration should be:
> access allowed for any process.
> Can we propose something better than that?

The example file I submitted had as a rule that the console user has full
access, as well as the administrator user. I can modify that to have the
existing pcsc-lite policy of allowing everyone (just change auth_admin
with yes in the policy).

I've also made the polkit support optional (--with-polkit needs to be
explicitly specified), so someone enabling it will most probably be
installing his own policies. I could add some README file that explains
a few things about polkit. Let me know for that.

regards,
Nikos



_______________________________________________
Muscle mailing list
Muscle@lists.musclecard.com
http://lists.musclecard.com/mailman/listinfo/muscle_lists.musclecard.com
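
The rule discussed in the message above, sketched as a polkit policy file. This is an added example, not the file submitted with the patch: the action id, description and message are placeholders, and only the `<defaults>` values (`auth_admin`, `yes`) come from the thread.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE policyconfig PUBLIC
 "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
 "http://www.freedesktop.org/standards/PolicyKit/1.0/policyconfig.dtd">
<policyconfig>
  <!-- Placeholder action id: use the id the pcsc-lite build actually registers. -->
  <action id="org.example.pcsc-lite.access">
    <description>Access to the PC/SC daemon (placeholder text)</description>
    <message>Authentication is required to access the PC/SC daemon</message>
    <defaults>
      <!-- Any other caller, e.g. a remote (ssh) session: must
           authenticate as an administrator. -->
      <allow_any>auth_admin</allow_any>
      <!-- Local session that is not the active one (switched-away
           console): same requirement. -->
      <allow_inactive>auth_admin</allow_inactive>
      <!-- User in the active local session, i.e. the person sitting
           at the console: allowed without a prompt. -->
      <allow_active>yes</allow_active>
    </defaults>
  </action>

  <!-- To reproduce the existing pcsc-lite behaviour (access allowed for
       any process), replace both auth_admin values above with yes:
         <allow_any>yes</allow_any>
         <allow_inactive>yes</allow_inactive>
         <allow_active>yes</allow_active>
  -->
</policyconfig>
```

With `auth_admin` in `allow_any` and `allow_inactive`, a process outside the active console session can reach the card only after administrator authentication, which is the console-user-plus-administrator rule described in the message.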
