On 17/11/06, Jonsito <[EMAIL PROTECTED]> wrote:
El vie, 17-11-2006 a las 14:47 +0100, Ludovic Rousseau escribió:
- that the PKCS#11 lib will/can use the PIN pad so
the PAM module do not have to ask for a PIN on the keyboard.
I ask pin/password by mean of pam libraries. so no control on
where pam stack takes the data.... perhaps an extra pam module
is needed to retrieve password from pinpad
You can't retrieve a password from a pinpad. That is the main purpose
of a pinpad. The PIN only goes from the reader to the card without any
possibility for the PC to know it. So when a pinpad is used no PAM
module will ever know the PIN.
Note that this applies to my last version of pam_pkcs11.
Fedora people have been working intensively in this module
(is now part of FC6) and their one is much better (NSS support
for instance). Perhaps you should study their code
Robert, do you (RedHat) plan to integrate your changes back in the
upstream pam_pkcs11 or is it a fork?
I got pam_pkcs11-0.5.3-22.src.rpm and the patches look fine. What
would be nice is a comment on each patch and/or a link between a patch
and a comment in the .spec file.
Bye,
--
Dr. Ludovic Rousseau
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
