PAM Slot numbers - trouble understanding the scenario
Dan Yefimov
dan at lightwave.net.ru
Mon Oct 12 22:25:56 UTC 2009
On 13.10.2009 0:26, Julian Bui wrote:
> Hi all,
>
> I'm trying to figure out the options that PAM uses.
>
> One option that caught my eye is the slot number option found in
> pam_pkcs11.conf, since this sounds like it could possibly help me map
> devices to session logins on a multi-seat desktop.
>
> Anyway, the documentation reads: "
> slot_num=<nr>
>
> Slot-number to use: 1 for the first, 2 for the second and so on. The
> default value is 0, which means to use the first slot with an
> available token."
>
> I am confused as to what the slots are. This documentation/description
> may seem obvious to you guys, but I do not know what it means. I am
> having trouble understanding the hardware setup and the
> scenario/usecase. Is this for multiple security devices (like 3 smart
> card readers, for example) ? Maybe slot_num=2 means it uses the CAC
> card in card reader #2 for the login? Why would this be useful? How do
> you assign IDs to the devices? Maybe I'm completely misinterpreting
> this option.
>
First of all, the 'slot=' parameter, you meantioned, is global, IOW, it is the
same for ALL login instances, thus it isn't helpful for multi-seat
installations. From the excerpt, you provided, it's clear, that the 'slot='
parameter is the number of token device to use for logging the user in. The
number of the particular device depends on the bus scanning order.
--
Sincerely Your, Dan.
More information about the Pam-list
mailing list