Huie-Ying Lee wrote:
Hello,

I have completed the prompt configuration enhancement, as suggested by Ludovic. In this enhancement, I added a new field, token_type, in the pam_pkcs11.conf file. The value of the "token_type" will be used in the user prompt messages and its default value is "Smart card".

The pam_pkcs11 source code has been updated accordingly and the patch file is attached here. Please feel free to modify the prompt messages, as you see fit.

Thanks,
Huie-Ying

Hi Huie,

It still looks like you are unconditionally changing the prompt to be 'Enter your user name'. That still leaves the problem of telling the user that 'smart card login' is enabled. We at least need something like 'Please insert your token', etc. I wouldn't have a problem with reading that from a config file either.

bob

BTW does the _(password_prompt) do the right thing for the translation teams?

bob

Huie-Ying Lee wrote:
Ludovic Rousseau wrote:

I propose to use a configuration here. The default name would be "smart card" but the admin could use "secure token" or whatever else

We could add a "token_name" parameter in the pkcs11_module configuration.

    # NSS (Network Security Service) config
    pkcs11_module nss {
      nss_dir = /etc/ssl/nssdb;
      crl_policy = none;
      token_name = "secure slot"
    }

Comments?

Good idea. But I prefer to use "token_type" than token_name.

No objection for "token_type". Can you propose a patch to implement these changes?

Regards,

OK, I can try sometime next week.

Huie-Ying

------------------------------------------------------------------------ Index: src/pam_pkcs11/pam_pkcs11.c =================================================================== --- src/pam_pkcs11/pam_pkcs11.c (revision 340) +++ src/pam_pkcs11/pam_pkcs11.c (working copy) @@ -281,7 +281,7 @@} } else {pam_prompt(pamh, PAM_TEXT_INFO, NULL, - _("Please insert your smart card or enter your username.")); + _("Please enter your username.")); /* get user name */ rv = pam_get_user(pamh, &user, NULL);@@ -370,7 +370,7 @@/* we haven't prompted for the user yet, get the user and see if * the smart card has been inserted in the mean time */pam_prompt(pamh, PAM_TEXT_INFO, NULL, - _("Please insert your smart card or enter your username."));+ _("Please enter your username.")); rv = pam_get_user(pamh, &user, NULL);/* check one last time for the smart card before bouncing to the next@@ -389,7 +389,8 @@ } } } else { - pam_prompt(pamh, PAM_TEXT_INFO, NULL, _("Smart card inserted. ")); + sprintf(password_prompt, "Found the %s.", configuration->token_type); + pam_prompt(pamh, PAM_TEXT_INFO, NULL, _(password_prompt)); } rv = open_pkcs11_session(ph, slot_num); if (rv != 0) { 
@@ -402,14 +403,14 @@ /* get password */ sprintf(password_prompt, _("Welcome %.32s!"), get_slot_tokenlabel(ph)); pam_prompt(pamh, PAM_TEXT_INFO, NULL, password_prompt); + sprintf(password_prompt, "%s PIN: ", configuration->token_type); if (configuration->use_first_pass) { rv = pam_get_pwd(pamh, &password, NULL, PAM_AUTHTOK, 0); } else if (configuration->try_first_pass) { - rv = pam_get_pwd(pamh, &password, _("Smart card password: "), PAM_AUTHTOK, + rv = pam_get_pwd(pamh, &password, _(password_prompt), PAM_AUTHTOK, PAM_AUTHTOK); } else { - rv = pam_get_pwd(pamh, &password, _("Smart card password: "), 0, - PAM_AUTHTOK); + rv = pam_get_pwd(pamh, &password, _(password_prompt), 0, PAM_AUTHTOK); } if (rv != PAM_SUCCESS) { release_pkcs11_module(ph); Index: src/pam_pkcs11/pam_config.c =================================================================== --- src/pam_pkcs11/pam_config.c (revision 340) +++ src/pam_pkcs11/pam_config.c (working copy) @@ -58,6 +58,7 @@ CONFDIR "/nssdb", OCSP_NONE }, + "Smart card", /* token_type */ NULL /* char *username */ };@@ -189,6 +190,11 @@} policy_list= policy_list->next; } + + configuration.token_type = (char *) + scconf_get_str(pkcs11_mblk,"token_type",configuration.token_type); ++ }screen_saver_list = scconf_find_list(root,"screen_savers"); if (screen_saver_list) { @@ -319,6 +325,12 @@ } continue; } + + if (strstr(argv[i],"token_type=") ) { + res=sscanf(argv[i],"token_type=%255s",&configuration.token_type); + continue; + } + if (strstr(argv[i],"config_file=") ) { /* already parsed, skip */ continue; Index: src/pam_pkcs11/pam_config.h =================================================================== --- src/pam_pkcs11/pam_config.h (revision 340) +++ src/pam_pkcs11/pam_config.h (working copy) 
@@ -42,6 +42,7 @@ int slot_num; int support_threads; cert_policy policy; + char *token_type; char *username; /* provided user name */ };Index: etc/pam_pkcs11.conf.example=================================================================== --- etc/pam_pkcs11.conf.example (revision 340) +++ etc/pam_pkcs11.conf.example (working copy) @@ -82,6 +82,12 @@ # You can use a combination of ca,crl, and signature flags, or just # use "none". cert_policy = ca,signature; + + # What kind of tokens ? + # The value of the token_type parameter will be used in the user prompt + # messages. The default value is "Smart card". + token_type = "Smart card"; + }# Aladdin eTokenPRO 32 ------------------------------------------------------------------------_______________________________________________ opensc-devel mailing list [email protected] http://www.opensc-project.org/mailman/listinfo/opensc-devel
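
Review bot: in the @@ -281 and @@ -370 hunks of pam_pkcs11.c the replacement prompt `_("Please enter your username.")` is a fixed string that neither uses configuration->token_type nor tells the user that inserting a token is an option, so the login screen no longer shows that token login is enabled. Consider keeping the hint and making it configurable, for example `_("Please insert your %s or enter your username.")` formatted with configuration->token_type.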
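
Review bot: `sprintf(password_prompt, "Found the %s.", configuration->token_type);` in the @@ -389 hunk of pam_pkcs11.c copies a configuration-supplied string of unchecked length into password_prompt, whose size is not visible in the patch; the existing `_("Welcome %.32s!")` line bounds its argument and this one does not. Use snprintf bounded by the buffer's size, or a precision such as %.32s. The composed text is then passed to pam_prompt in the format position, so if pam_prompt expands printf-style directives, as Linux-PAM's does, a '%' in token_type would be interpreted; passing the format and the argument separately, `pam_prompt(pamh, PAM_TEXT_INFO, NULL, _("Found the %s."), configuration->token_type)`, removes both the intermediate buffer and that risk.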
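
Review bot: `_(password_prompt)` in the @@ -402 hunk of pam_pkcs11.c calls gettext on a string composed at run time, which no message catalog can contain, and the literal "%s PIN: " is not wrapped in _() so it is not marked for translation; the same applies to "Found the %s." in the @@ -389 hunk. Translate the format before substituting, as the unchanged `_("Welcome %.32s!")` line in the same hunk does: `sprintf(password_prompt, _("%s PIN: "), configuration->token_type);`, with a length bound added. The wording also changes from "password" to "PIN"; worth confirming that this is intended for every token type.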
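
Review bot: `sscanf(argv[i],"token_type=%255s",&configuration.token_type)` in the @@ -319 hunk of pam_config.c passes the address of a `char *` field (declared in the pam_config.h hunk) where %s expects a character buffer, so up to 256 bytes are written over the pointer itself and whatever follows it in the structure. Dropping the & would not fix it, because the pointer then refers to the "Smart card" literal from the @@ -58 hunk or to the string returned by scconf_get_str. Parse into a dedicated char array, or duplicate the text after "token_type=", and point token_type at that. Note also that %s stops at whitespace, so the default "Smart card" could not be given as a module argument, and that strstr matches the key anywhere in the argument rather than only at its start.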
