On Sun, 27 Feb 2005 07:37:25 -0600, Brian Fahrlander <brian@xxxxxxxxxxxxxx> wrote: > > I'm looking into something...maybe some long-term plans. Let's say I > handed out a bunch of magnetic cards for students to use, each with a > name on it an/or PIN, and wanted them to walk up to a PC with a reader > and use that card (probably authorized by LDAP somehow) to 'be' their > login/password. > > How tough would it be to write that kinda PAM module? Has anyone > here done it? > Considering that most MagStripe readers will send input through the keyboard port (although there are some that are a direct serial connection) you may not have to do much other than be sure that the information in the stripe is encoded properly. What I mean is that it would be the same as walking up to a machine with a login prompt and typing the username, a carriage return, a password, and another carriage return. However, I would be more concerned about security. If someone loses a card, then anyone else who finds it is in the system. Any type of physical security device should always be backed up by something that the user knows. Even SecureID cards only contain enough information to authenticate that the user should be granted access, but they are only good if the second piece of the puzzle is there, and that would have to be the users's login name or some other information. For a better example, you can't just go to your bank with someone else's ATM card and get money... you have to know the PIN as well. So my suggestion is that while you may use the card for entering a user name, it would not be secure to use it for the user name AND password.
