Hi Harald,

I'm heading out on vacation and it's late, so I don't have the
URL to the branch of the svn repository where the code I integrated a while
ago is, but if you poke around you'll find a Solaris implementation that
handles most of the issues you're describing, which we'd like to try to
port to Linux and ultimately merge with the trunk, although there is
a substantial amount of effort to do that and no specific timeframe yet.

In that directory is an architectural document you may want to review
to understand the model and see how well it fits your needs.

On Solaris with the Sun Ray Windows connector, we use it to handle
smart card transactions over a large number of RDP sessions.

If you want to participate in the effort to make this code
more platform neutral and work toward getting it into the trunk,
let me know.

Paul


On Jul 20, 2008, at 12:37 AM, Harald Milz wrote:

Hi,

I am new to this list so please bear with me ... I've been trying to
find out if any progress has been made as far as multiuser operation of
pcscd. There has been a discussion around Sun-Ray thinclients in 2006 but
I haven't been able to find out if there was any result.

Specifically, I want to find ways to run USB smartcard readers in a
NoMachine (NX) environment, where many users are remotely connected
with thinclients or Windows or Linux workstations, and working in
Windows terminal server (i.e. RDP) sessions. (If you are unfamiliar with
NoMachine, see http://www.nomachine.com/technology.php for a technology
overview.) The smartcards should be visible in the Windows sessions. The
current plan involves running USB over IP (usbip.sf.net) and making the
USB devices available within the Linux NX node environment, then using
"rdesktop -r scard" to import the SC into the RDP session. Apart from
the fact that the usbip project needs some more work done, I need to
find out how I can use pcscd in a secure way when tens or even hundreds
of users are connected to the same NX node. The major question is, how
does the NX administrator distinguish all these card readers (which are
potentially of the same vendor and model) virtually connected to the NX
node in order to forward each user only her/his SC reader into their RDP
sessions. The end users have no access to the NX node sessions per se
when running an RDP session. So the scenario is, we have tens or hundreds
of rdesktop processes linked against libpcsclite.so, which in turn wants
to talk with the pcscd unix domain socket.

Q1: does pcscd support talking to multiple pcsc clients at the same time?
If yes, is there an architectural limit how many?


Q2: on the pcsc client level, how do I tell the smartcard readers apart
when they are the same make and model, in order to build the proper
rdesktop command for each user?

Q3: has any progress been made as far as access security? In 2006 there
were talks about running pcscd against PAM. Would that include separating
card readers from each other, and allowing a user to see only her/his
reader?

Thanks for any insight or hint!

--
You might have mail
_______________________________________________
Muscle mailing list
Muscle@lists.musclecard.com
http://lists.drizzle.com/mailman/listinfo/muscle
