Andreas Jellinghaus wrote: > Am Donnerstag 22 Januar 2009 15:54:07 schrieb Stanislav Brabec: > > > But why do you need to configure PolicyKit? What is the problem > > > PolicyKit is trying to solve? > > > > Grating access to users physically present at the computer. > > It uses standard UNIX ACL, so it can apply to both device nodes and > > sockets. > > so what happends with using smart cards readers for authentication > (including login)?
It involves no change to smart card utilities. PolicyKit can just refuse access to pcscd by remote users (at least by default). And it can do the same for direct access, if we will permit it for local users. login -> PAM -> runs as root -> access permitted card use as local user -> PolicyKit permits access to pcscd -> pcscd has access permitted > asking people to install hald on a server without any gui already adds > many packages for no other good reason. I don't know much about > Policykit, but please keep the "server with minimal installation" scenario > in mind, where admins want to login using their smart card. You can live with static permissions and static references to device nodes, you can still live without both hal and udev. pcscd used hal just to listening to events. Compile time option allows to switch back to udev. -- Best Regards / S pozdravem, Stanislav Brabec software developer --------------------------------------------------------------------- SUSE LINUX, s. r. o. e-mail: [email protected] Lihovarská 1060/12 tel: +420 284 028 966, +49 911 740538747 190 00 Praha 9 fax: +420 284 028 951 Czech Republic http://www.suse.cz/ _______________________________________________ opensc-devel mailing list [email protected] http://www.opensc-project.org/mailman/listinfo/opensc-devel
