Hello Michael, On Thu, Jun 19, 2008 at 5:08 PM, Juan Antonio Martinez <[EMAIL PROTECTED]> wrote: > El mié, 18-06-2008 a las 23:29 +0200, Michael Grünewald escribió: >> Hello, >> during work for a seminar about smartcards and linux I found pam_pkcs11, >> which works really nice. But I think there is a major security issue in the >> card_eventmgr/pkcs11_cardmgr configuration samples. The screensaver is >> unlocked regardless of the card inserted. When someone locked the screen by >> removing the smartcard, I could easily place my own in the reader and unlock >> the workstation. Is there an error in reasoning on my side or am I right?
Have you configured the screen saver to use the pam_pkcs11 to unlock as decribed in [1]? > You're right: it's a (serious) bug. lock manager should ask pam > to ensure that provided card id matches logged user session > > I'm not actually the mantainer of pam_pkcs11. So I'll forward your > question to opensc development mailing list. Thanks for the forward Juan Antonio. Regards, [1] http://www.opensc-project.org/doc/pam_pkcs11/pam_pkcs11.html#id2525931 -- Dr. Ludovic Rousseau _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
