I have been looking at replacing our current login systems with a single login solution. In the process I managed to get sidetracked into investigating pam_pkcs11. My question, which no doubt reveals the depth of my ignorance, is: Can a simple USB flash memory stick be configured to work with this or some similar module of which I as yet know nothing?

Everything I have managed to find about this method of logging on to CentOS implies that either a special smart-card and dedicated reader or a purpose-built USB smart-token is required. Is this in fact so? Is there no way to just use a standard USB flash memory 'key' to achieve the same effect?

--
*** E-Mail is NOT a SECURE channel ***
James B. Byrne mailto:ByrneJB at Harte-Lyne.ca
Harte & Lyne Limited http://www.harte-lyne.ca
9 Brockley Drive vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada L8E 3C3

m.roth at 5-cent.us
2014-Apr-16  21:00 UTC
[CentOS] A naive question respecting x.509 logins
James B. Byrne wrote:
> I have been looking at replacing our current login systems with a single login solution. In the process I managed to get sidetracked into investigating pam_pkcs11. My question, which no doubt reveals the depth of my ignorance, is: Can a simple USB flash memory stick be configured to work with this or some similar module of which I as yet know nothing?
>
> Everything I have managed to find about this method of logging on to CentOS implies that either a special smart-card and dedicated reader or a purpose-built USB smart-token is required. Is this in fact so? Is there no way to just use a standard USB flash memory 'key' to achieve the same effect?

Not sure. All I know is from our usages, and as this is a US government facility, we have our PIV-II cards... and use pcscd which uses pkcs11.

mark

m.roth at 5-cent.us
2014-Apr-16  21:01 UTC
[CentOS] A naive question respecting x.509 logins
James B. Byrne wrote:
> I have been looking at replacing our current login systems with a single login solution. In the process I managed to get sidetracked into investigating
<snip>

Right... and the answer to this part - have you looked into Kerberos?

mark