adding a few "info.capability" to the fci files is fine with me.

the other side is: how these are evaluated.

if I have a machine, where both gui access as well as console
login need the smart card reader, then giving exclusive rights
to the one logged in, will break console login?

I understand the things Stanislav wants to do, and agree they are
nice. (I used to "play redalert.wav" in 93 in a linux mailbox and got
the attention of the sysadmin quite fast  :) )

but: unix user and groups don't work to implement this at all.
(if you are once logged in as gui user and e.g. are included in the
audio group, then all you need to do is copy the shell, make it
setgid audio and you are done - later a login on the ssh where you
don't get the audio group, you can run that setgid shell).
sure, the linux security modules stuff can prevent this scenario...

my private opinion is, that a server granting access to authenticated
users is the best way - X works fine that way e.g.
and I think a central smart card daemon would be great, as you could
e.g. enter the pin once during login and keep the card in a verified state
so applications can use it without asking the user for the pin all the time.
but we have no such software (and some people don't like the scenario),
so that is only idle talk.

suze can implement whatever they want, we can't stop them.
and I think it is real nice of stanislav to contact us on the issue,
and discuss the options they have, and synchronize e.g. which keywords
to put into the hal fci file. I think that level of cooperation is great!

which reminds me that I nearly never get any feedback from any distribution
but from time to time went around and looked at their setup and changes
and patches, as nearly no one would send patches back upstream.
thus any cooperation from distribution to upstream is very nice and something
we should be glad to have!

Regards, Andreas
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel