[Spice-devel] Help with SmartCards and XSpice
Jeremy White
jwhite at codeweavers.com
Tue Jul 22 12:41:00 PDT 2014
I'm hoping to get some guidance / clue bats / shock and horror in
implementing Smart Card support for XSpice clients.
I think I have a tentative, but sufficient grasp of how the Smart Card
stuff flows from the client into the server. It's not quite as clear
how the server bridges it into qemu, but I think I have the gist of it.
However, that doesn't work for XSpice sessions.
It looks to me that this should be possible. My research suggests that
pam_pkcs11 is pluggable, and that it should be possible to write a
module that would receive the cert information.
So presuming I have a module hook ready to receive certs, the next
question is how to get them there.
The way that 'feels' right to me is to extend the Linux vd_agent to
receive the smart card traffic, and so it is then vd_agent that
communicates with my hypothetical pam hook.
The alternate would be to put it into the spiceqxl_drv.so. That seems
less ideal, but would probably be less code, and wouldn't require
messing with the vdagent protocol.
Thoughts? Comments? Clue bats?
Thanks,
Jeremy
More information about the Spice-devel
mailing list