Douglas E. Engert wrote:
> Is there any way to have OpenCT limit access to reader devices to the user logged in at the console?

sure. chgrp scard /var/run/openct and configure some pam module for login only, so it adds the user to group scard. that way only those who used login have group scard and can use openct, while those using ssh, kdm, whatever can not.

> I see the WIKI has some comments about using HAL, and the comment: "Also so far noone told us why we should change a running system." Here is one reason: I would like to avoid a user who has logged in over the network from accessing a card in a reader inserted by the local user.

can be done without udev/hal changes, no issue here I think.

> I sent a similar note to the muscle list asking about PCSC.

sorry, I have little clue about pcsc. maybe ludovic knows? I guess you can set permissions on the pcsc sockets too.

> So has anyone looked at HAL closer for OpenCT? I see it has the udev files as a start.

I think hal is nice if some application (e.g. your kde desktop icon manager) wants to get notification if e.g. a cdrom was inserted or a usb memory stick was plugged into the usb port. I fail to see how it helps openct at all.

Andreas
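
The setup described in the reply above, as an added example that is not part of the original message. It assumes pam_group is the "pam module for login only" (the reply does not name one), that the directory should also carry no permissions for "other" (for example mode 0750), and GNU stat; the function names are hypothetical.

```shell
#!/bin/sh
# Added example; not from the original post.
#
# One-time setup as root (group name and path are the ones in the reply):
#   groupadd scard
#   chgrp scard /var/run/openct && chmod 0750 /var/run/openct
#
# Assumed PAM wiring, only in the console login service (not sshd, kdm, ...):
#   /etc/pam.d/login:           auth  optional  pam_group.so
#   /etc/security/group.conf:   login;tty*;*;Al0000-2400;scard
#   (fields: services;ttys;users;times;groups)

# audit_dir DIR GROUP
# Returns 0 only if DIR is group-owned by GROUP and grants nothing to "other".
# chgrp alone is not enough: a world-accessible directory still lets any
# session, including a network login, reach the OpenCT sockets inside it.
audit_dir() {
    dir=$1
    want_group=$2
    [ -d "$dir" ] || { echo "FAIL: $dir is not a directory"; return 2; }
    out=$(stat -c '%G %a' "$dir") || return 2
    group=${out% *}
    mode=${out##* }
    other=${mode#"${mode%?}"}   # last octal digit = permissions for "other"
    if [ "$group" != "$want_group" ]; then
        echo "FAIL: $dir has group $group, expected $want_group"
        return 1
    fi
    if [ "$other" != "0" ]; then
        echo "FAIL: $dir mode $mode gives access to users outside $want_group"
        return 1
    fi
    echo "OK: $dir is restricted to group $want_group (mode $mode)"
}

# session_has_group GROUP
# Returns 0 if the calling session carries GROUP. With the setup above this
# should succeed after a console login and fail in an ssh session.
session_has_group() {
    id -Gn | tr ' ' '\n' | grep -qxF -- "$1"
}

# Typical use:
#   audit_dir /var/run/openct scard
#   session_has_group scard && echo "this session can use openct"
```

Run `session_has_group scard` once from a console login and once over ssh to confirm that only the console session picked up the group.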