USB Token, SmartCard, Logon.
This is a discussion on USB Token, SmartCard, Logon. within the Linux Security forums, part of the System Security and Security Related category; Hello folks, Sorry about the cross-posting. I plan to develop a three-way authentication login system for Linux. I ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
09-13-2004
|
|||
|
|||
USB Token, SmartCard, Logon.
Hello folks, Sorry about the cross-posting. I plan to develop a three-way authentication login system for Linux. I want to change the way people Logon to Linux so that a SmartCard or a USB Token would be required in addition to "username" and "password". In Windows NT systems, there is an architecture based on Winlongo/GINA/LSA/AP components, which make it reasonable easy to change the Logon Interface and authentication mechanisms. Since I am developing my own hardware, I need to change the Linux Logon myself. So, I have some questions: a.. How is the software architecture behind a user Linux Logon-Session-Logoff? b.. Which are the files that this architecture comprises? Thank you, Roberto Gallo 
|
|
09-13-2004
|
|||
|
|||
|
Re: USB Token, SmartCard, Logon.
Roberto Gallo wrote:
> > Since I am developing my own hardware, I need to change the Linux Logon > myself. > > So, I have some questions: > > a.. How is the software architecture behind a user Linux > Logon-Session-Logoff? > b.. Which are the files that this architecture comprises? > Usually this is done via the PAM libs on most modern Unix type systems. This provides an abstraction layer between the application (login, ssh, xdm etc) and the authentication system (ldap, shadow passwords, kerberos etc). Most distributions install the documentation for PAM but in case you haven't actually got a linux box yet, try http://www.kernel.org/pub/linux/libs/pam/ (first entry when you type PAM and linux into google). HTH C.
|
|
09-13-2004
|
|||
|
|||
|
Re: USB Token, SmartCard, Logon.
On Mon, 13 Sep 2004 10:59:12 -0300, Roberto Gallo
<robertogallofilho@hotmail.com> wrote: > I plan to develop a three-way authentication login system for Linux. I want > to change the way people Logon to Linux so that a SmartCard or a USB Token > would be required in addition to "username" and "password". Sounds like you need to read up on "Pluggable Authentication Modules" aka "PAM". This site <http://www.kernel.org/pub/linux/libs/pam/> has some links and docs. -- -| Bob Hauck -| To Whom You Are Speaking -| http://www.haucks.org/
|
|
09-13-2004
|
|||
|
|||
|
Re: USB Token, SmartCard, Logon.
Roberto Gallo wrote:
> Hello folks, > > > > Sorry about the cross-posting. > > > > I plan to develop a three-way authentication login system for Linux. I want > to change the way people Logon to Linux so that a SmartCard or a USB Token > would be required in addition to "username" and "password". > > > > In Windows NT systems, there is an architecture based on > Winlongo/GINA/LSA/AP components, which make it reasonable easy to change the > Logon Interface and authentication mechanisms. > > > > Since I am developing my own hardware, I need to change the Linux Logon > myself. > > > > So, I have some questions: > > > > a.. How is the software architecture behind a user Linux > Logon-Session-Logoff? > b.. Which are the files that this architecture comprises? > > Forget Windows' methods. Have you read the User Authentication HOWTO? HTH Tauno Voipio tauno voipio (at) iki fi
|
Linear Mode
