MuscleCARD PAM (Smartcards)

Bruce Barnett redhat-pam-list at grymoire.com
Sat Sep 18 11:24:33 UTC 2004


Here's a new entry for http://www.kernel.org/pub/linux/libs/pam/modules.html

MUSCLE is "Movement for Using Smart Cards in a Linux Environment" 
		http://www.linuxnet.com/musclecard/

I've just recently added some modules to the MUSCLEcard project that
better integrates PAM into the musclecard authentication.  You create
a public/private keypair on the card, export the private key, and
store it in your home directory.  The user types in their name and PIN
value (to unlock the card).  Authorization is done by the host
creating a challenge, and the card verifies it by encoding it with
their private key.  Currently there are several tokens that can be
used, but primarily it's Javacards.

Anyhow, I have only gotten "login" and "su" integrated. I'd like to 
have the X windows login GNOME/KDE and the screenlock. 

Simply added pam_musclecard.so didn't seem to work. Perhaps I'm trying
to modify the wrong /etc/pam.d file.

Also - I'd like the screenlock to save a step by not asking the user
for a PIN (but still uses the key pair to respond to a challenge). I
believe I should use a script to detect the card has been removed,
causing the screen to lock.

Can anyone offer any advice on how to proceed? I'm new to the PAM
development club. How should I best integrated it with the X windows
login? Where should I start looking? (I'm using Fedora Core 1).





More information about the Pam-list mailing list