<quote who="Brian Fahrlander"> > Sounds like a good start; given that it's a "keyboard wedge" how > would I approach such a system, via PAM? I'm not a programmer, but I > understand the environment, mostly... Ideally I'm considering implementing a similar system where I work. I want to use a USB key. It would be nice if the machine did not even present a logon prompt until after a USB card has been connected and the information verified. Then the user would get the standard Linux logon prompt. The major deviation is the user name would have to match the user on the keycard. Idealy, they certificate on the USB key would change each time the user logs on. Since we have three locations and central key management doesn't seem like a good idea, I'm thinking I would have to have some sort of machine name + certificate scheme. After a quick search, I came up with this site: http://pam-x509.sourceforge.net/ Brian, this seems to do exactly what you want. As a matter of fact, I may be able to modify it to do what I want also. I'm wondering, would a fingerprint device give me any additional security or would it just be a waste of money?
