[driver-discuss] Re: [desktop-discuss] Project Proposal: Fingerprint Authentication
Gaopeng Chen - Sun China
Gaopeng.Chen at sun.com
Sun Jun 17 19:47:22 PDT 2007
>
> I think that the dual-mode login idea is a good one, but what happens
> in a situation where I want a more complicated PAM setup. For example,
> what about where I want smart card, fingerprint reader, and password
> to all work. Is this framework extensible enough to allow such setups?
Yes, since the PAM modules are streamlined, we can configure it by
pam.conf.
>
> What if I have two dual-mode PAM modules. One for fingerprint reader
> and user-password and a second dual-mode PAM module for smartcard
> reader and user-password. Would things get a little ugly if I tried
> to use them both together?
With the following PAM stack, we can login by passing the authentication
of fingerprint, smartcard and passwd in series, or directly login by
user-pass at any time. Please note that no trial-mode is provided, so
fingerprint or smartcard must be verified by sequence. Thanks.
gdm auth requisite pam_fpr.so dual
gdm auth requisite pam_smartcard.so dual
gdm auth requisite pam_authtok_get.so.1
gdm auth required pam_dhkeys.so.1
gdm auth required pam_unix_cred.so.1
gdm auth required pam_unix_auth.so.1
--
Best Regards,
GaoPeng Chen
Call: +86-10-62673005
Ext: x82005
Sun Microsystem Inc. China
More information about the desktop-discuss
mailing list