Hi, I am new to this list so please bear with me ...

I've been trying to find out if any progress has been made as far as multiuser operation of pcscd. There has been a discussion around Sun-Ray thinclients in 2006 but I haven't been able to find out if there was any result.

Specifically, I want to find ways to run USB smartcard readers in a NoMachine (NX) environment, where many users are remotely connected with thinclients or Windows or Linux workstations, and working in Windows terminal server (i.e. RDP) sessions. (If you are unfamiliar with NoMachine, see http://www.nomachine.com/technology.php for a technology overview). The smartcards should be visible in the Windows sessions.

The current plan involves running USB over IP (usbip.sf.net) and making the USB devices available within the Linux NX node environment, then using "rdesktop -r scard" to import the SC into the RDP session.

Apart from the fact that the usbip project needs some more work done, I need to find out how I can use pcscd in a secure way when tens or even hundreds of users are connected to the same NX node. The major question is, how does the NX administrator distinguish all these card readers (which are potentially of the same vendor and model) virtually connected to the NX node in order to forward each user only her/his SC reader into their RDP sessions. The end users have no access to the NX node sessions per se when running an RDP session.

So the scenario is, we have tens or hundreds of rdesktop processes linked against libpcsclite.so which in turn wants to talk with the pcscd unix domain socket.

Q1: does pcscd support talking to multiple pcsc clients at the same time? If yes, is there an architectural limit on how many?

Q2: on the pcsc client level, how do I tell the smartcard readers apart when they are the same make and model, in order to build the proper rdesktop command for each user?

Q3: has any progress been made as far as access security? In 2006 there were talks about running pcscd against PAM. Would that include separating card readers from each other, and allowing a user to see only her/his reader?

Thanks for any insight or hint!
--
You might have mail