Andreas, hi,

[please Cc me on replies]

Andreas Jellinghaus wrote:
> thanks. I think smart card pins are too important to be passed to other
> modules. so I removed that code completely.

I have to disagree here. Smart card PINs are indeed sensitive, but I think that PAM is trustworthy enough to handle them. After all, it handles plain user passwords (even root's) on pretty much every Unix system. And passwords are *more* sensitive than PINs, because they are sufficient for authentication, without the barrier of "what-you-have" that a smart card provides. pam_unix and almost every PAM module out there save the authentication token so subsequent modules can read it. I really can't see the reason why pam_p11 should be an exception.

Passing the authentication token may be useful in certain scenarios. Think, for example, of a situation where you want to decrypt something (e.g. a file or even your ~) when logging in. Prompting *twice* (or more!) for the PIN is user-unfriendly, not to mention the security implications. Moreover, such a security "measure" is easy to work around: you can have another PAM module do the conversation and pass the token to pam_p11 for authentication. Granted, this code hasn't been used (it was buggy and I'm the first who noticed), but that doesn't mean it shouldn't be there in the first place.

I really hope you'll reconsider, since I'm already using the feature.

Best regards,
Faidon

_______________________________________________
opensc-devel mailing list
[email protected]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
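The double-prompt problem Faidon describes is visible in the PAM stack itself: a later "auth" module either declares that it reads the token the first module stored (with the standard use_first_pass / try_first_pass arguments that pam_unix and many other modules accept) or it will run its own conversation and ask again. The following lint, added here as an example and not code from the OpenSC project or from the thread participants, parses a pam.d-style auth stack and reports which modules reuse the stored token and which would re-prompt. The configuration lines are constructed for the example; pam_homecrypt.so is a hypothetical home-decryption module and the pkcs11 module path is a placeholder, not real pam_p11 syntax.

```python
import re

# Arguments by which a PAM module declares that it reads the token a previous
# module stored (PAM_AUTHTOK) instead of prompting again. These two are the
# conventional names used by pam_unix and many other modules.
TOKEN_REUSE_ARGS = {"use_first_pass", "try_first_pass"}

# Assumption for this example: modules that never run a password/PIN
# conversation and therefore neither prompt nor consume the stored token.
NON_INTERACTIVE = {"pam_env.so", "pam_nologin.so", "pam_faildelay.so"}

# Constructed pam.d fragment (not from the page or the OpenSC project).
SAMPLE_PAM_CONFIG = """
# login stack: smart card first, password fallback, then home decryption
auth  required    pam_env.so
auth  sufficient  pam_p11.so  /PLACEHOLDER/pkcs11-module.so
auth  required    pam_unix.so  try_first_pass
auth  optional    pam_homecrypt.so
session optional  pam_homecrypt.so
"""

LINE_RE = re.compile(r"(\S+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")


def parse_pam_config(text):
    """Parse pam.d-style lines into (type, control, module, [args]) tuples.

    Handles comments, blank lines and bracketed control fields such as
    [success=1 default=ignore]; anything else is rejected loudly.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"unparseable PAM line: {raw!r}")
        ptype, control, module, args = m.groups()
        entries.append((ptype.lower(), control, module, args.split()))
    return entries


def audit_auth_stack(entries):
    """Classify each 'auth' module by how it obtains the authentication token.

    'skip'      : non-interactive helper, no conversation at all
    'prompts'   : first interactive module; expected to ask the user once
    'reuses'    : declares it reads the token stored by an earlier module
    'reprompts' : no reuse flag, so the user may be asked a second time
    """
    findings = []
    token_stored = False
    for ptype, _control, module, args in entries:
        if ptype != "auth":
            continue
        if module in NON_INTERACTIVE:
            findings.append((module, "skip"))
        elif not token_stored:
            findings.append((module, "prompts"))
            token_stored = True
        elif TOKEN_REUSE_ARGS & set(args):
            findings.append((module, "reuses"))
        else:
            findings.append((module, "reprompts"))
    return findings


def double_prompt_modules(findings):
    """Modules that would make the user type the PIN/password again."""
    return [module for module, status in findings if status == "reprompts"]


if __name__ == "__main__":
    result = audit_auth_stack(parse_pam_config(SAMPLE_PAM_CONFIG))
    for module, status in result:
        print(f"{module:20s} {status}")
    print("re-prompting modules:", double_prompt_modules(result))
```

Run against the constructed stack, pam_unix.so is reported as reusing the token (try_first_pass) while the hypothetical pam_homecrypt.so is flagged as re-prompting, which is exactly the situation that motivates letting the first module store the token for its successors. The lint only reads the arguments a module is given; whether a particular module actually honours them is something to confirm in that module's documentation.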
