Hello, happy new year everybody!
That it may be a year with a lot of Sun Rays ;-)
The first day of 2006 just went by and I am already making it hard on
myself :-(.
I have cooked up a nice problem (again).
Maybe, someone out there is still sober enough to point me in the right
direction.
Thanks.
Problem:
Smartcard mobility is a very nice feature but what if, in a special
case, you don't want mobility between two subnets?
If a user starts a session in one subnet. Takes the smartcard out of the
Sunray, walks over to the other subnet and inserts the card, the user
should get a message that the smartcard is not a valid card for this
particular subnet.
What is the best place to hook into the "sunray" code to make this happen?
1. AMGH would be a nice start but it looks like it only can redirect and
not bluntly deny a smartcard.
2. Make a special pam module?
3. Try something with the global smartcard administration (utuser)?
4. Use a utaction script to only allow certain smartcards within a subnet.
Has someone done something like this before?
Ivar
_______________________________________________
SunRay-Users mailing list
[email protected]
http://www.filibeto.org/mailman/listinfo/sunray-users
