Hi,

Sorry for the confusion; when I said RPC-like service I meant a service
that uses GSS-API or something tunnelled under ssh.  Keep in mind this is
a separate service that acts as an application to PC/SC - I would never
make this part of PC/SC and it would never be Sun RPC.


I do need some sort of authentication service which uses GSS-API or
something so that in an environment such as the SunRay or Citrix I can
call back to the local smartcard reader since the authentication device
does not reside on the machine wishing to authenticate.  Also, this is
needed for remote authentication services such as ftp/telnet.

Dave


On Wed, 6 Jun 2001, Dr S N Henson wrote:

>
>
> Ludovic Rousseau wrote:
> >
> >
> > I don't think using RPC is a good idea.
> > You use a smartcard to provide security in an unsecure environment.
> > I don't want to send my PIN code in clear over RPC. You need to have
> > authentication, integrity and confidentiality of your network
> > communications.
> > You could use 'secure RPC' but it will be hard to find implementations
> > of it outside SUN.
> >
> > If you send your PIN code in clear over the network why not just use
> > telnet? :-(
> >
> > I want a secure channel between my smartcard and the program sending
> > commands to it.
> >
>
> Yes, I agree. I also don't want some untrusted program (even if the
> server is authenticated) sending arbitrary commands to the smart card
> and, for example, grabbing the PIN and signing/decrypting anything it
> wants.
>
> For accessing remote computers (which the original query was about)
> something like ssh or secure telnet using smart card based keys
> for authentication would be more appropriate.
>
> Steve.
>

***************************************************************
Linux Smart Card Developers - M.U.S.C.L.E.
(Movement for the Use of Smart Cards in a Linux Environment)
http://www.linuxnet.com/smartcard/index.html
***************************************************************
