PAM with Credit Cards

AragonX aragonx at dcsnow.com
Mon Feb 28 04:21:33 UTC 2005


<quote who="Brian Fahrlander">
>     Sounds like a good start; given that it's a "keyboard wedge" how
> would I approach such a system, via PAM?  I'm not a programmer, but I
> understand the environment, mostly...
Ideally
I'm considering implementing a similar system where I work.  I want to use
a USB key.  It would be nice if the machine did not even present a logon
prompt until after a USB card has been connected and the information
verified.  Then the user would get the standard Linux logon prompt.  The
major deviation is the user name would have to match the user on the
keycard.

Ideally, the certificate on the USB key would change each time the user
logs on.

Since we have three locations and central key management doesn't seem like
a good idea, I'm thinking I would have to have some sort of machine name +
certificate scheme.

After a quick search, I came up with this site:

http://pam-x509.sourceforge.net/

Brian, this seems to do exactly what you want.  As a matter of fact, I may
be able to modify it to do what I want also.

I'm wondering, would a fingerprint device give me any additional security
or would it just be a waste of money?



