> > I think that the dual-mode login idea is a good one, but what happens > in a situation where I want a more complicated PAM setup. For example, > what about where I want smart card, fingerprint reader, and password > to all work. Is this framework extensible enough to allow such setups? Yes, since the PAM modules are streamlined, we can configure it by pam.conf.
> > What if I have two dual-mode PAM modules. One for fingerprint reader > and user-password and a second dual-mode PAM module for smartcard > reader and user-password. Would things get a little ugly if I tried > to use them both together? With the following PAM stack, we can login by passing the authentication of fingerprint, smartcard and passwd in series, or directly login by user-pass at any time. Please note that no trial-mode is provided, so fingerprint or smartcard must be verified by sequence. Thanks. gdm auth requisite pam_fpr.so dual gdm auth requisite pam_smartcard.so dual gdm auth requisite pam_authtok_get.so.1 gdm auth required pam_dhkeys.so.1 gdm auth required pam_unix_cred.so.1 gdm auth required pam_unix_auth.so.1 -- Best Regards, GaoPeng Chen Call: +86-10-62673005 Ext: x82005 Sun Microsystem Inc. China
