On Tue, 28 Nov 2000, Ben Collins wrote: > On Mon, Nov 27, 2000 at 06:19:13PM +0100, Kutter, Peter wrote: > > hello, > > i want to logon with my chipcard. therefore i dont want to write my > > username at the login process. the username should be read from the card > > directly and given to the login process. So i did not find a conlusion to > > this problem by PAM i decided to rewrite the login.c file. Has anyone > > experiences with this problem or has anyone rewritten the login process ? > > Thanks > I think you'll find that wont solve your problem. On most systems, the > "login: " prompt you get initially is not from the `login' program, but it > is from a console getty. After it gets the username, it then turns over > control to the login program. Well, /bin/login ought to work without any modification at all (as long as it supports the necessary PAM prompt mechanism). You'll just need to replace the pam conversation function, and spawn it from something other than getty. :) After all, getty only prompts for the username the first time; after that, it hands control over to login, which knows how to prompt for the username again if it needs to. I think what you'd want here is a program spawned from inittab and attached to the tty which fork()s a login process. With the right command line and the right PAM module, login should simply wait for the card reader to become ready, and once ready, read the username and auth info from the card. One unfortunate side effect here is that it's difficult to make this work for multiple ttys, since only one login process can be talking to the card reader at a time. One could write something to do manage the ttys, it would just be more work. Steve Langasek postmodern programmer
