On Wed, 2010-09-01 at 11:12 +0200, Patrik Martinsson wrote:
> 2. Support by gdm/screensaver/or any application actually that uses
> pkcs11, to handle locked cards. (I think if the card is locked you
> should get the possibility to unlock it with your puk, I don't know
> why this is not possible today?)

Locking gdm screen is possible. A user sent me the solution:

pkcs11_eventmgr {

    # Run in background? Implies debug=false if true
    daemon = true;

    # show debug messages?
    debug = false;
   
    # polling time in seconds
    polling_time = 1;

    # expire time in seconds
    # default = 0 ( no expire )
    expire_time = 0;
   
    # pkcs11 module to use
    pkcs11_module = /usr/lib/opensc-pkcs11.so;

    #
    # list of events and actions

    # Card inserted
    event card_insert {
        # what to do if an action fail?
        # ignore  : continue to next action
        # return  : end action sequence
        # quit    : end program
        on_error = ignore ;

        # You can enter several, comma-separated action entries
        # they will be executed in turn
        action = "gnome-screensaver-command --poke";
    }

    # Card has been removed
    event card_remove {
        on_error = ignore;
        action = "gnome-screensaver-command --lock";
    }

    # Too much time card removed
    event expire_time {
        on_error = ignore;
        action = "/bin/false";
    }
}


> 3. Support for NM to handle pkcs11 tokens when authenticating to 802x 
> wireless networks.

This can be done using a FreeRadius server and LDAP. You authenticate to
LDAP using a smartcard, and the wireless access point (AP) should
authenticate to the FreeRadius server. But this only works on your local
wireless network. And you need a FreeRadius-compatible AP. Some very
cheap Linux-based APs are available today.

I am not aware of a solution which would keep your WEP keys directly on
a smartcard.

Gnome and gnome-keyring + seahorse are able to store the wireless keys
securely. You connect to Gnome using a smartcard and this unlocks the
wireless keys. In most cases, this is sufficient.

You may read these tutorials:
http://www.gooze.eu/howto/gnu-linux-smartcard-logon-using-pam-p11
http://www.gooze.eu/howto/gnu-linux-smartcard-logon-using-pam-pkcs11

After connection to Gnome using PAM, this should unlock the wireless
keys.

Kind regards,
-- 
                  Jean-Michel Pouré - Gooze - http://www.gooze.eu


_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
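
Added example, not part of the original message and not code from pam_pkcs11: a Python check that parses a pkcs11_eventmgr configuration like the one quoted above and reports cases where removing the card would not lock the session, using the on_error meanings given in the config comments. The sample config, the /usr/local/bin/log-removal path, matching the lock action by the string "--lock", and the 5-second threshold (which assumes a removal is only noticed at the next poll) are assumptions made for illustration.

```python
import re

# Constructed sample: card_remove from the message, with a hypothetical logging
# action placed first and on_error changed, so the lock can be skipped.
SAMPLE = '''
pkcs11_eventmgr {
    polling_time = 1;   # polling time in seconds
    pkcs11_module = /usr/lib/opensc-pkcs11.so;
    event card_remove {
        on_error = return;
        action = "/usr/local/bin/log-removal", "gnome-screensaver-command --lock";
    }
}
'''

VALUE = r'((?:"[^"]*"|[^;"])*)'   # unquoted text and quoted strings, up to ';'

def pairs(body):
    """Map each 'key = value;' in body to its raw value (quotes kept)."""
    return {m.group(1): m.group(2).strip()
            for m in re.finditer(r'(\w+)\s*=\s*' + VALUE + ';', body)}

def parse(text):
    """Return (global settings, {event name: settings})."""
    text = re.sub(r'#.*', '', text)   # comments; assumes no '#' inside an action
    events = {}
    def take(m):
        events[m.group(1)] = pairs(m.group(2))
        return ''
    rest = re.sub(r'\bevent\s+(\w+)\s*\{(.*?)\}', take, text, flags=re.S)
    return pairs(rest), events

def audit(text, lock_marker='--lock', max_poll=5):
    """List reasons why removing the card might not lock the session."""
    settings, events = parse(text)
    findings = []
    remove = events.get('card_remove', {})
    actions = re.findall(r'"([^"]*)"', remove.get('action', ''))
    lock_at = next((i for i, a in enumerate(actions) if lock_marker in a), None)
    if lock_at is None:
        findings.append('card_remove: no action containing ' + lock_marker)
    elif lock_at > 0 and remove.get('on_error') in ('return', 'quit'):
        findings.append('card_remove: a failing earlier action skips the lock')
    for name, ev in events.items():
        if ev.get('on_error') == 'quit':
            findings.append(name + ': on_error = quit ends the program')
    if int(settings.get('polling_time', 0)) > max_poll:
        findings.append('polling_time above %d s delays the lock' % max_poll)
    return findings
```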
