> > For keyboards, mice, and displays, I see an obvious way to relate them > to a user approaching the system at a workstation. They're all > attached to the same X server, and it's the X server's problem to make > sure that these bits of hardware are associated with that one site. > > The biometric readers are coming at this sideways. There appears to > be no way to know whether a given reader has anything to do with a > given workstation. All that you can do is "guess," which seems a poor > idea for something that aims to be a security system. > > I suspect that the underlying problem is that these devices are > designed for a different environment -- the single-user Windows > laptop. There are many things that make sense in such an environment > that simply do not make sense on a larger multi-user system, and > vice-versa. Right, many devices integrates the enrollment/verification function into the firmware. If the device is virtualized in X, PAM module is not able to implement the verification, just like the smartcard. So I would not like to introduce the biometric devices in X level. For this project, in the first stage, the solution is focused on a local system(desktop, laptop). In the second stage, when nis/ldap is supported, I think SunRay would be prioritized rather than X Biometric Device since all USB devices have already bound in client. Thanks.
-- Best Regards, GaoPeng Chen Call: +86-10-62673005 Ext: x82005 Sun Microsystem Inc. China
