Bryan J. Smith <b.j.smith@ieee.org>
2005-May-13 16:15 UTC
[CentOS] Re: About strongs passwords! -- PAM
From: Paul Heinlein <heinlein at madboa.com>> Can you comment on any of the smart-card hardware that you've used?Actually, given the occupation I just switched back to last month, I'd better not right now (I'm still "testing the waters" on what disclosure is allowable). I've used them in 2 industries -- defense and financial -- but there's no reason why many others can't. The priniciples to SmartCards are pretty simple. You send in a public key encrypted information (typically a symmetric key or maybe a challenge string), you get the information out. Then you can use that information as appropriate. The SmartCard is used only for 1 small operation on the _client_ for the user. (although you can also use them on the server too, for the services). And via PAM, you can route all sorts of authentication through it. I'll send you some links when I have time early next week (I'm on the road / in the air all weekend starting in a few minutes). There are a lot of more "consumer" SmartCard capabilities out there, nothing of which I've used personally. -- Bryan J. Smith mailto:b.j.smith at ieee.org
Apparently Analagous Threads
- RFE: OpenSSH Support for PKCS11 Funneling to PAM for Kerberos/PKINIT
- RFE: OpenSSH Support for PKCS11 Funneling to PAM for Kerberos/PKINIT
- RFE: OpenSSH Support for PKCS11 Funneling to PAM for Kerberos/PKINIT
- Re: About strongs passwords! -- PAM
- opensc smartcard support does not work