Smartcards

pau carre pau.carre at gmail.com
Thu Nov 6 09:27:37 PST 2008


Hello Adam,

2008/11/6 Adam Jackson <ajax at nwnk.net>:
> On Thu, 2008-11-06 at 09:56 +0100, pau carre wrote:
>> Hello, I am looking for smart card X.org documentation. Does anyone
>> know where to get it?
>> Anyway, has someone successfully deployed an xorg server with smart
>> card support?
>
> The X server has nothing to do with user authentication [*].  The
> display manager does, but don't use xdm, we all hate it and it's not
> maintained.
>

Is the display manager the one that catches events in the client
(token plugged, content signed...) and sends them (the signed content)
to the server?

Do server applications behave as if there was a plugged smartcard
connected in the server?

> Typically this has more to do with how you set up PAM.  PAM has no way
> of signalling to the authenticating application that an event happened
> (like plugging in the card), so I think the way we handled this in
> Fedora was to patch gdm to listen for the plug event on dbus and restart
> the PAM context when we heard a smartcard event.  But that's just based
> on listening to our gdm guy complain about it over lunch, and on:
>

OK, but this seems to be a client solution, not a client-server
solution. I am looking for a way to let thin clients authenticate and
sign content in remote server applications, just as video, audio and
keyboard in X11.

Do you know any technology for doing that?

> http://cvs.fedora.redhat.com/viewvc/rpms/gdm/F-8/gdm-2.19.1-security-tokens.patch?revision=1.8&view=markup
>
> Note that gdm got rewritten in the meantime, so that patch is almost
> certainly not directly applicable anymore.
>

Is it going to be patched?

> [*] - Slight lie, but close enough to the truth for this discussion.
>
> - ajax
>

Thanks,
Pau


