I have to disagree here. Smart card pins are indeed sensitive but I
think that PAM is trustworthy enough to handle it.
After all, it handles plain user passwords -even root's- on pretty much
every Unix system. And passwords are *more* sensitive than PINs because
they are sufficient for authentication, without the barrier of
"what-you-have" that a smart card provides.
well, a smart card might allow access to many machines. so I care a lot
more about the single smart card (where I maybe only have one backup),
than about a single machine - can be always reinstalled or restored.
entering the wrong password will give you a delay on a normal machine.
entering the wrong pin will block the card. so cards are a lot more fragile
even with normal use, and need additional protection. thats why I also
think a smart card module should never accept the password already given
to some other module - it is ok to give the same password to two
databases (nis, ldap, pwent), but if one of the things you try is a
smart card, that is a recipe to lock it up fast.
but I'm by far no expert on writing pam modules. I would like to make
all of this configureable and would appreciate any help in doing that.
"secure by default" should be a configuation that protects the card,
as it can lock up much faster than the machine it is used with. but
there is no reason not to offer options e.g. for accepting passwords
entered for other modules, to forward passwords to other modules,
to not print the user / label of the pin to be entered, and other
things we could have as option.
I really hope you'll reconsider since I'm already using the feature.
do you know how I can make it an option? not sure when I can look into
it myself. for the past weeks I mostly spend time trying to get muscle
support in opensc to work, but we still aren't there yet. :(
Andreas
_______________________________________________
opensc-devel mailing list
[email protected]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
