Re: PAM with Credit Cards

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sun, 27 Feb 2005 23:21:33 -0500 (EST), AragonX <aragonx@xxxxxxxxxx> wrote:
> <quote who="Brian Fahrlander">
> >     Sounds like a good start; given that it's a "keyboard wedge" how
> > would I approach such a system, via PAM?  I'm not a programmer, but I
> > understand the environment, mostly...
> Ideally
> I'm considering implementing a similar system where I work.  I want to use
> a USB key.  It would be nice if the machine did not even present a logon
> prompt until after a USB card has been connected and the information
> verified.  Then the user would get the standard Linux logon prompt.  The
> major deviation is the user name would have to match the user on the
> keycard.
> 
> Idealy, they certificate on the USB key would change each time the user
> logs on.
> 
> Since we have three locations and central key management doesn't seem like
> a good idea, I'm thinking I would have to have some sort of machine name +
> certificate scheme.
> 
> After a quick search, I came up with this site:
> 
> http://pam-x509.sourceforge.net/
> 
> Brian, this seems to do exactly what you want.  As a matter of fact, I may
> be able to modify it to do what I want also.
> 
> I'm wondering, would a fingerprint device give me any additional security
> or would it just be a waste of money?
> 

Consider the larger number of prints used the higher the number of
false positives.  Which is why law enforcement agencies use computers
to narrow the search to a number that humans can process.

The best bet is to have the print matched against the print on the USB
key.  I believe they also increase the number of points used for a
match when this is done (increasing accuracy).

-- 
Leonard Isham, CISSP 
Ostendo non ostento.


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux