Robert Relyea wrote:
> Huie-Ying Lee wrote:
>> Hello,
>>
>> The pam_pkcs11 module assumpts that all PKCS#11 tokens are
>> smartcards, so it will display "Smart card" key word in the PAM
>> prompt message. However, most of the PKCS#11 tokens are not Smart
>> cards. so we modified some prompt messages to avoid confusion when
>> we ported this module to Solaris OS.
> Hmm, our 'smart cards' are USB tokens, but the name 'Token' seemed to
> confuse users more than 'Smart Card'. Even so most of our customers
> are still using "honest to God" smart cards.
>
> That being said, it's may be OK to move to 'Token' and start educating
> users. I would like the first prompt, however to as the user to insert
> their token. Removing the 'insert' verbage confused users who think
> smart card/token login is not enabled.
>
Hello Bob,
Yes, in most cases, a smart card in involved, but not all. In some
case, you don't need to insert anything. So the prompt needs to be
as generic as possible.
> I would also prefer not to explicitly reference PKCS #11. While I,
> myself, like the standard and I'm encouraged to see it's development,
> this string shows up in the login screen for users trying to access
> their computers. They don't have a clue what a PKCS #11 module is.
>
Right, a "PKCS#11" reference in the prompt is not needed. We can
remove it from the 2nd prompt changes.
Thanks,
Huie-Ying
> bob
>> Attached is the patch file, please let me know if you have any
>> comments.
>>
>> Thanks,
>> Huie-Ying
>>
>> ------------------------------------------------------------------------
>>
>> Index: src/pam_pkcs11/pam_pkcs11.c
>> ===================================================================
>> --- src/pam_pkcs11/pam_pkcs11.c (revision 340)
>> +++ src/pam_pkcs11/pam_pkcs11.c (working copy)
>> @@ -281,7 +281,7 @@
>> }
>> } else {
>> pam_prompt(pamh, PAM_TEXT_INFO, NULL,
>> - _("Please insert your smart card or enter your
>> username."));
>> + _("Please enter your username."));
>> /* get user name */
>> rv = pam_get_user(pamh, &user, NULL);
>>
>> @@ -389,7 +389,7 @@
>> }
>> }
>> } else {
>> - pam_prompt(pamh, PAM_TEXT_INFO, NULL, _("Smart card inserted. "));
>> + pam_prompt(pamh, PAM_TEXT_INFO, NULL, _("Found the PKCS#11 slot with
>> a token."));
>> }
>> rv = open_pkcs11_session(ph, slot_num);
>> if (rv != 0) {
>> @@ -405,10 +405,10 @@
>> if (configuration->use_first_pass) {
>> rv = pam_get_pwd(pamh, &password, NULL, PAM_AUTHTOK, 0);
>> } else if (configuration->try_first_pass) {
>> - rv = pam_get_pwd(pamh, &password, _("Smart card password: "),
>> PAM_AUTHTOK,
>> + rv = pam_get_pwd(pamh, &password, _("Token password: "), PAM_AUTHTOK,
>> PAM_AUTHTOK);
>> } else {
>> - rv = pam_get_pwd(pamh, &password, _("Smart card password: "), 0,
>> + rv = pam_get_pwd(pamh, &password, _("Token password: "), 0,
>> PAM_AUTHTOK);
>> }
>> if (rv != PAM_SUCCESS) {
>>
>> ------------------------------------------------------------------------
>>
>> _______________________________________________
>> opensc-devel mailing list
>> [email protected]
>> http://www.opensc-project.org/mailman/listinfo/opensc-devel
>
_______________________________________________
opensc-devel mailing list
[email protected]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
