On Wed, 18-06-2008 at 23:29 +0200, Michael Grünewald wrote:
> Hello,
> during work for a seminar about smartcards and Linux I found pam_pkcs11, 
> which works really nicely. But I think there is a major security issue in the 
> card_eventmgr/pkcs11_cardmgr configuration samples. The screensaver is 
> unlocked regardless of the card inserted. When someone locked the screen by 
> removing the smartcard, I could easily place my own in the reader and unlock 
> the workstation. Is there an error in reasoning on my side or am I right?

You're right: it's a (serious) bug. The lock manager should ask PAM
to ensure that the provided card ID matches the logged-in user's session.

I'm not actually the maintainer of pam_pkcs11. So I'll forward your
question to the OpenSC development mailing list.

Regards
Juan Antonio

_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
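
The check described in the reply above (the inserted card must belong to the user whose session is locked), written as a guard for a card-insert action. This is an added example, not pam_pkcs11 code and not part of the original thread; `card_login_lookup` and `unlock_screen` are hypothetical placeholder commands, and PIN verification is assumed to remain with the PAM stack.

```shell
#!/bin/sh
# Added example: guard for a card-insert action. Names below are assumptions.
# CARD_LOGIN_CMD: hypothetical command that prints the login name(s) the
#   inserted card's certificate maps to, one per line (site-specific).
# UNLOCK_CMD: hypothetical command that unlocks the screensaver.
: "${CARD_LOGIN_CMD:=card_login_lookup}"
: "${UNLOCK_CMD:=unlock_screen}"

# Return 0 only if one of the logins mapped from the card equals the
# owner of the locked session. Return 2 when the check cannot be made.
card_matches_session() {
    session_user=$1
    [ -n "$session_user" ] || return 2                  # owner unknown: fail closed
    mapped=$($CARD_LOGIN_CMD 2>/dev/null) || return 2   # lookup failed: fail closed
    [ -n "$mapped" ] || return 1                        # card maps to no login
    # -F: no regex interpretation, -x: whole line, so "alice2" != "alice".
    printf '%s\n' "$mapped" | grep -Fxq -- "$session_user"
}

# Card-insert handler: unlock only for the session owner's own card.
# This gates the unlock on identity; it does not replace PIN verification.
on_card_insert() {
    session_user=$1
    if card_matches_session "$session_user"; then
        $UNLOCK_CMD
    else
        echo "inserted card is not mapped to '$session_user'; staying locked" >&2
        return 1
    fi
}
```
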