Smartcards should be fairly safe when combined with a PIN, but they are not without risks. In particular, their lack of user interface and user control puts you at the mercy of the reader and there could be compromised readers.

You should consider the cost and convenience of the smartcard readers, especially if you're talking about mobile users - will they carry a reader with them and will they take good care of it? With any hardware solution, maintenance and support are often the biggest cost. There is also a cost for distributing the cards. If the cards have keys pre-installed, you will have to take special care. It is always best to have the private key generated on the client device.

As far as Linux PAMs, that should be trivial to do, especially via Java.

I don't know much about the IBM security chip.

Nick
--
Nick Owen
CEO
WiKID Systems, Inc.
404-879-5227
nowen at wikidsystems.com
http://www.wikidsystems.com
The End of Passwords

> -----Original Message-----
> From: Sebastian Schneider [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, August 12, 2003 2:22 PM
> To: Scott Schwendinger; [EMAIL PROTECTED]
> Subject: Re: SmartCards
>
> This is really interesting. How does it work? I mean, are there any existing
> modules for PAM under Linux?
> Are SmartCards that safe, when just protected by PIN codes?
>
> What about the security chip which IBM puts into their
> laptops/workstations?
>
> Sebastian
>
> On Tuesday 12 August 2003 06:36, Scott Schwendinger wrote:
> > Sebastian,
> >
> > Smartcards can contain many authentication IDs. PKI
> > client certificates can be stored on the smartcard.
> > When the user accesses the system/login, a request for
> > proof is sent. The user must provide the PKI
> > certificate. With the use of a smartcard reader
> > (external or internal) the PKI certificate is read and
> > the user is authenticated.
> >
> > Scott Schwendinger
> >
> > --- Sebastian Schneider <[EMAIL PROTECTED]> wrote:
> > > Hello,
> > >
> > > are there any means to authenticate users using
> > > SmartCard technologies?
> > > It would be helpful if primary configuration data
> > > could be saved to that card to support mobile users.
> > >
> > > Thanks,
> > > Sebastian
> > > --
> > > straightLiners IT Consulting & Services
> > > Sebastian Schneider
> > > Metzer Str. 12
> > > 13595 Berlin
> > > Germany
> > >
> > > Phone: +49-30-3510-6168
> > > Fax: +49-30-3510-6169
> > > Mail: [EMAIL PROTECTED]
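
As an added illustration (not part of the original thread and not code from any PAM module), this Ruby sketch models the login flow discussed above as a challenge-response: the key pair is generated inside the card, the card signs the host's nonce only after a correct PIN, and the host checks the signature against the certificate it read. The `Card` class, `MAX_TRIES`, `host_verify`, the user name and the PIN are assumptions made for the example, and the certificate is self-signed where a real host would validate it against its CA.

```ruby
require "openssl"

# Software stand-in (assumption) for a smartcard: the private key is generated
# inside the object and never handed out; only the certificate is readable.
class Card
  MAX_TRIES = 3 # assumed retry limit before the card blocks itself

  def initialize(user, pin)
    @pin = pin
    @tries_left = MAX_TRIES
    @key = OpenSSL::PKey::RSA.new(2048) # generated on the card, never exported
    @cert = OpenSSL::X509::Certificate.new
    @cert.version = 2
    @cert.serial = 1
    @cert.subject = @cert.issuer = OpenSSL::X509::Name.parse("/CN=#{user}")
    @cert.public_key = @key.public_key
    @cert.not_before = Time.now - 3600
    @cert.not_after = Time.now + 86_400
    @cert.sign(@key, OpenSSL::Digest.new("SHA256")) # self-signed for the demo
  end

  def cert_der
    @cert.to_der
  end

  # Sign the host's nonce only after a correct PIN; block after MAX_TRIES misses.
  def sign(pin, nonce)
    return nil if @tries_left.zero?
    unless pin == @pin
      @tries_left -= 1
      return nil
    end
    @tries_left = MAX_TRIES
    @key.sign(OpenSSL::Digest.new("SHA256"), nonce)
  end
end

# Host side: accept only a valid signature over the nonce it issued itself.
def host_verify(cert_der, nonce, sig)
  return false if sig.nil?
  cert = OpenSSL::X509::Certificate.new(cert_der)
  cert.public_key.verify(OpenSSL::Digest.new("SHA256"), sig, nonce)
end

card = Card.new("mobile-user", "1234") # constructed user and PIN
nonce = OpenSSL::Random.random_bytes(32) # fresh challenge for every login
puts host_verify(card.cert_der, nonce, card.sign("1234", nonce))
```

Because the host signs nothing and the card signs a fresh nonce each time, a reader that copies the certificate or records one response cannot log in later; a reader that captures the PIN can still ask the card to sign while the card is inserted.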