Re: smart card login with multiseat using PAM - cannot map device to session



On 13.10.2009 0:04, Julian Bui wrote:
Hi all,

I want to know if anyone has done this successfully or if this
functionality even exists with PAM.

I am currently using CentOS 5.3 and pam_pkcs11 with a multi-seat setup
(one machine, two video outs, two sets of keyboards and mice to have two
users running off the same machine).

Currently, the multi-seat setup allows me to map the two keyboard/mouse
pairs to the two monitors. The multiseat service allows me to specify a
USB hub that is specific to a terminal, so I can specify USB bus port 5-1
to my first display and 5-2 to my second display, for example, so that
each user has his own keyboard & mouse.

To extend that idea, I have put a USB smart card reader on each port.

This, however, does not work.

When person A, at station A, plugs his CAC card into smart card reader
A, the OS/session manager asks him for his PIN. This works and
allows him to log in using the CAC card, BUT when you look at station B,
station B's session manager is now also asking for the smart card PIN
even though he has not even put in his would seem like the
authentication module linked to the login module does not allow you to
map authentication device to session.

Has anyone gotten something like this to work?  Does anyone use PAM &
multiseat?  Is this even possible with the latest version of PAM?  Is
this a problem with PAM or something with a KDE manager or maybe coolkey
or maybe the enterprise smart card module (ESC)?

That's not a job of PAM. Even tying a specific keyboard/mouse pair to a specific screen is not its job. As for card readers, they're in general not tied to a specific screen; they're global devices, thus the results you get. How do you think tying a specific card reader to a specific screen could be accomplished, keeping in mind that card readers are not HID devices? This sounds much like tying a specific USB hard drive or USB flash drive to a specific console user session.

Sincerely yours, Dan.

Pam-list mailing list
