Smartcards

Adam Jackson ajax at nwnk.net
Thu Nov 6 07:38:00 PST 2008


On Thu, 2008-11-06 at 09:56 +0100, pau carre wrote:
> Hello, I am looking for smart card X.org documentation. Does anyone
> knows where to get it?
> Anyway, have someone successfully deployed an xorg server with smart
> card support?

The X server has nothing to do with user authentication [*].  The
display manager does, but don't use xdm, we all hate it and it's not
maintained.

Typically this has more to do with how you set up PAM.  PAM has no way
of signalling to the authenticating application that an event happened
(like plugging in the card), so I think the way we handled this in
Fedora was to patch gdm to listen for the plug event on dbus and restart
the PAM context when we heard a smartcard event.  But that's just based
on listening to our gdm guy complain about it over lunch, and on:

http://cvs.fedora.redhat.com/viewvc/rpms/gdm/F-8/gdm-2.19.1-security-tokens.patch?revision=1.8&view=markup

Note that gdm got rewritten in the meantime, so that patch is almost
certainly not directly applicable anymore.

[*] - Slight lie, but close enough to the truth for this discussion.

- ajax
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part
URL: <http://lists.x.org/archives/xorg/attachments/20081106/c4666a9e/attachment.pgp>


More information about the xorg mailing list