Smart Card Login

June 9, 2007

So for RHEL 5, our Mountain View team needed smart card login to work out of the box for DoD CAC cards. I got asked to assist on the project, so I did the legwork to get gdm and gnome-screensaver responding to smart cards getting put in and pulled out. I also did a bit of work on the pam_pkcs11 PAM module (although that was mostly written by Bob Relyea of NSS fame).

Anyway, the bulk of the code was just cut-n-paste between gdm and gnome-screensaver. The long-term plan was to create a separate dbus service to do the actual talking to the card and have gdm and gnome-screensaver talk to the service. This is good because it reduces memory footprint, speeds up response time (which can be pretty slow with CAC cards!), and means the card only has to get unlocked once instead of n times (which is an important feature if smart card login is to ever become true single sign-on). Anyway, RHEL 5 came and we haven’t had time to implement the service.

Well, I got an email from boc the other day (well, it was a few weeks ago) that he took my code and put it into a dbus service as part of work he’s doing for Novell! Awesome.
