-----Original Message-----
From: Jesse I Pollard - CONTRACTOR 
To: MUSCLE <[EMAIL PROTECTED]>
Date: Wed, 6 Oct 2004 11:02:54 -0400 (EDT)
Subject: Re: [Muscle] Avoid asking for a username in smart card login

> In many circumstances, it won't work.
> 

Well... I don't claim this should be the standard solution; only that in
the application I'm currently working on this would be *very* convenient.

This is a "marketing issue" too. If the user must introduce a username and
a password for the token (pin), it doesn't *feel* diffent.

> 1. User has multiple accounts and will need some way to select which
>    one to use.

If an user has multiple accounts there's a chance he has multiple smart
cards too. Anyway, this won't be a problem in my environment.

> 2. The certificate (at least in the DoD CAC case) has no username
>    other than the DN name, which doesn't match anybodys idea of a
>    login name.
> 

Yes... this is the most delicate problem. I assume that you are aware
about how Mario Strasser's module checks the name. In your opinion, what
would be the best way to get the user name from the card?

I think that if it was configurable everybody could be able to find the
scheme that suits more to his application.

Thanks,

Josep

P.S.: I'm writing from an horrible MUA (webmail), sorry if it doesn't
thread messages correctly.

_______________________________________________
Muscle mailing list
[EMAIL PROTECTED]
http://lists.drizzle.com/mailman/listinfo/muscle

Reply via email to