Hey, while we're talking features: another feature I really like about pam_pkcs11 is that, in GDM, you can type your PIN and press enter before inserting your smartcard. I'm not even sure the feature belongs in pam_pkcs11 or in gdm, but the behaviour changed when i switched to pam_sss so I'm thinking the former.
It's a little thing, but its a little annoying to have to wait for the smart card to be recognized before you can start typing the PIN. Have a good weekend! //Adam 2017-10-20 16:59 GMT+02:00 Winberg, Adam <adam.winb...@smhi.se>: > Ok - great work by the way, keep it up! > > //Adam > > 2017-10-20 16:37 GMT+02:00 Sumit Bose <sb...@redhat.com>: > >> On Fri, Oct 20, 2017 at 04:25:52PM +0200, Winberg, Adam wrote: >> > Using pam_pkcs11 we can use the parameter 'wait_for_card' to halt the >> pam >> > process until a smart card is inserted. Is there any feature like that >> with >> > pam_sss? >> > >> > Use case is to require smart card for logins. With GDM this is >> configured >> > via dconf, but with console/tty logins there is no such configuration >> > available as I know of. So with pam_sss you can freely logon to a TTY >> > without using smartcard. Or maybe there is a solution out there I'm >> missing? >> >> This is work-in-progress, I'll try to implement missing features from >> pam_pkcs11 step by step. >> >> bye, >> Sumit >> >> > >> > Regards >> > Adam >> >> > _______________________________________________ >> > sssd-users mailing list -- sssd-users@lists.fedorahosted.org >> > To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org >> _______________________________________________ >> sssd-users mailing list -- sssd-users@lists.fedorahosted.org >> To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org >> > >
_______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org
