On 13.10.2009 0:04, Julian Bui wrote:
Hi all,
I want to know if anyone has done this successfully or if this
functionality even exists with PAM.
I am currently using centos 5.3 and pam_pkcs11 with a multi-seat setup
(One machine, two video outs, two sets of keyboards and mice to have two
users on running off the same machine.
Currently, the multi-seat setup allows me to map the two keyboard/mouse
pairs to the two monitors. The multiseat service allows me to specify a
usb hub that is specific to a terminal so I can specify usb bus port 5-1
to my first display and 5-2 to my second display, for example, so that
each user has his own keyboard & mouse.
To extend that idea, I have put a usb smart card reader on each port.
This, however, does not work.
When person A, at station A plugs in his CAC card into smart card reader
A and the OS/session manager asks him for his pin. This works and
allows him to login using CAC card, BUT when you look at station B,
station B's session manager is now also asking for the smart card pin
even though he has not even put in his CAC...it would seem like the
authentication module linked to the login module does not allow you to
map authentication device to session.
Has anyone gotten something like this to work? Does anyone use PAM &
multiseat? Is this even possible with the latest version of PAM? Is
this a problem with PAM or something with a KDE manager or maybe coolkey
or maybe the enterprise smart card module (ESC)?
That's not a job of PAM. Even tying specific keyboard/mouse pair to a specific
screen is not it's job. As for cardreaders, they're in general not tied to the
specific screen, they're global devices, thus results you get. What do you
think, how tying the specific cardreader to the specific screen could be
accomplished, keeping in mind cardreaders being not HID devices? This sounds
much like tying the specific USB hard drive or USB flash drive to the specific
console user session.
--
Sincerely Your, Dan.
_______________________________________________
Pam-list mailing list
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list