Douglas E. Engert wrote:
> Is there any way to have OpenCT limit access to reader devices to
> the user logged in at the console?

sure.
chgrp scard /var/run/openct
and configure some pam module for login only,
so it adds the user to group scard.

that way only those who used login have group scard and can
use openct, while those using ssh, kdm, whatever can not.

> I see the WIKI has some comments about using HAL, and the comment:
> "Also so far noone told us why we should change a running system."
>
> Here is one reason:
> I would like to avoid a user who has logged in over the network from
> accessing a card in a reader inserted by the local user.

can be done without udev/hal changes, no issue here I think.

> I sent a similar note to the muscle list asking about PCSC.

sorry, I have little clue about pcsc. maybe ludovic knows?
I guess you can set permissions on the pcsc sockets too.

> So has anyone looked at HAL closer for OpenCT? I see it has the
> udev files as a start.

I think hal is nice if some application (e.g. your kde desktop icon
manager) wants to get notification if e.g. a cdrom was inserted or
a usb memory stick was plugged into the usb port. I fail to see how
it helps openct at all.

Andreas
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
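
An added example, not part of the original message and not OpenCT project code: a small audit script for the setup described in the reply. It assumes the "pam module" is pam_group with rules in /etc/security/group.conf (the message names no module), and it checks that the directory also denies access to "other", since the chgrp alone restricts nothing if the directory is world-accessible.

```shell
#!/bin/sh
# Added example: audit a console-only "scard" group setup.
# Assumption: pam_group grants the group; rules use the group.conf format
#   services;ttys;users;times;groups
# e.g. (constructed)   login; tty*; *; Al0000-2400; scard

# Print the service field of every rule in file $1 that grants group $2.
granting_services() {
    awk -F';' -v grp="$2" '
        /^[ \t]*#/ || NF < 5 { next }      # skip comments and non-rules
        {
            n = split($5, g, /[ \t,]+/)    # groups: comma/space separated
            for (i = 1; i <= n; i++) if (g[i] == grp) {
                svc = $1; gsub(/[ \t]/, "", svc); print svc; break
            }
        }' "$1"
}

# Succeed only if some rule grants group $2 and every such rule names the
# "login" service alone (a wildcard or sshd/kdm rule would defeat the setup).
only_login_grants() {
    svcs=$(granting_services "$1" "$2")
    [ -n "$svcs" ] && ! printf '%s\n' "$svcs" | grep -qvx 'login'
}

# Succeed only if directory $1 is group-owned by $2 and "other" has no
# read, write or search permission on it.
dir_restricted() {
    [ -n "$(find "$1" -prune -type d -group "$2" \
            ! -perm -004 ! -perm -002 ! -perm -001 2>/dev/null)" ]
}

# Usage: sh audit.sh /var/run/openct /etc/security/group.conf
if [ "$#" -eq 2 ]; then
    dir_restricted "$1" scard || echo "FAIL: $1 is not restricted to group scard"
    only_login_grants "$2" scard || echo "FAIL: scard is granted outside login"
fi
```

The pam_group documentation warns that a user who is granted a group this way can retain it through a setgid binary, so the audit confirms the configuration, not that the group never outlives the console session.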
