PAM with Credit Cards
Brian Fahrlander
brian at fahrlander.net
Sun Feb 27 14:10:52 UTC 2005
On Sun, 2005-02-27 at 07:51 -0600, David Hoffman wrote:
> On Sun, 27 Feb 2005 07:37:25 -0600, Brian Fahrlander
> <brian at fahrlander.net> wrote:
> Considering that most MagStripe readers will send input through the
> keyboard port (although there are some that are a direct serial
> connection) you may not have to do much other than be sure that the
> information in the stripe is encoded properly. What I mean is that it
> would be the same as walking up to a machine with a login prompt and
> typing the username, a carriage return, a password, and another
> carriage return.
>
> However, I would be more concerned about security. If someone loses a
> card, then anyone else who finds it is in the system.
>
> Any type of physical security device should always be backed up by
> something that the user knows. Even SecureID cards only contain enough
> information to authenticate that the user should be granted access,
> but they are only good if the second piece of the puzzle is there, and
> that would have to be the users's login name or some other
> information. For a better example, you can't just go to your bank with
> someone else's ATM card and get money... you have to know the PIN as
> well. So my suggestion is that while you may use the card for entering
> a user name, it would not be secure to use it for the user name AND
> password.
>
Sounds like a good start; given that it's a "keyboard wedge" how
would I approach such a system, via PAM? I'm not a programmer, but I
understand the environment, mostly...
--
------------------------------------------------------------------------
Brian Fahrländer Christian, Conservative, and Technomad
Evansville, IN http://www.fahrlander.net
ICQ: 5119262 AIM: WheelDweller
------------------------------------------------------------------------
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20050227/b99cafb2/attachment-0001.sig>
More information about the fedora-list
mailing list