On 17/11/06, Johannes Becker <[EMAIL PROTECTED]> wrote:
> As Martin said we should correct this. So if you can show us a PAM
> module that does not prompt for PIN that would help.
Well, nearly every other pam module has to get the password via the keyboard
and prompts for it. The only exception I know, is
pam_rootok.so
which is used in /etc/pam.d/su to allow the root user to become every other
user without password.
A PAM module do not have to ask for a password or PIN.
Now, pam_pkcs11.so prints the line
Password for token Smartkey Card TypA (globale PIN):
and it doesn't use at all what you type at this prompt.
After you type the return key, the pinpad awakes and everything
works fine.
pam_pkcs11 gets a PIN (or whatever you enter) and then send it to the
PKCS#11 lib. OpenSC then detect the PIN PAD reader and ask the PIN on
it instead of using the PIN sent by pam_pkcs11.
I don't know if pam_pkcs11 can know:
- that a PIN pad is connected
- that the PKCS#11 lib will/can use the PIN pad so the PAM module do
not have to ask for a PIN on the keyboard.
Bye,
--
Dr. Ludovic Rousseau
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
