On 19/10/06, Andreas Jellinghaus <[EMAIL PROTECTED]> wrote:
Douglas E. Engert wrote:
> Is there any way to have OpenCT limit access to reader devices to
> the user logged in at the console?
sure.
chgrp scard /var/run/openct
and configure some pam module for login only,
so it adds the user to group scard.
that way only those who used login have group scard and can
use openct, while those using ssh, kdm, whatever can not.
> I sent a similiar note to the muscle list asking about PCSC.
sorry, I have little clue about pcsc. maybe ludovic knows?
I guess you can set permissions on the pcsc sockets too.
I also proposed to change the permissions on the /var/run/pcscd.*
files. Your idea of dynamically add a user in a particular group is
very good. I would prefer "smartcard" as the group name to be more
explicit.
Do you know a PAM module that does that?
Bye,
--
Dr. Ludovic Rousseau
_______________________________________________
Muscle mailing list
Muscle@lists.musclecard.com
http://lists.drizzle.com/mailman/listinfo/muscle
