Re: Smart Card - Sun.
From: Brad Arlt <arlt () cpsc ucalgary ca>
Date: Thu, 7 Nov 2002 16:36:35 -0700
As a caveat, I have not actually used Smart Cards (we can't afford
them). I have read a little on them, and seen them in use in a Sun
demo lab though (which was really neat).
On Thu, Nov 07, 2002 at 09:04:08AM +0100, Jens Johansson wrote:
> I have a Sun Blade 100 workstation, running Solaris 9.
> The Sun Blade 100 is delivered with Solaris 8, which does not support the
> smart card reader, Solaris 9 (which is installed) does tho...
> My questions here are pretty basic.
> How does the smart card authentication work?
There is stuff on the card. The machine makes sure that stuff matches the
stuff for a particular user.
> What information is stored on the card?
There can be all sorts of stuff. I am not sure on the specifics. There
seemed to be a lot of papers on bitpipe.com. They have a Smart Card
section, but also just search for "smart card".
> How's the security?
The same as a key on your key chain.
> What do I achieve using this authentication method?
There is a SmartCard PAM module under Solaris 8, there is *very*
likely one under Solaris 9. You could come up with something more
exotic, but that should do.
> I mean, will I still need a password? like pgp encrypt password phrase?
You can use passwords *and* the smart card, but the way I have seen
Sun use them, they treated them like ignition keys in a car. Stuff it
in the card reader and hold onto your seat as you are logged in
without touching the keyboard.
You could probably store some weird thing on the smart card that was
encrypted (somehow) and needs a passphrase to decrypt (the data that
was encrypted would be then used during the authentication). But this
sounds like a big pain in the rear. You would also do this via PAM.
> What happens if I lose my smartcard?
The guy who finds it can use it like you can. Root can reset the card
authentication, if that is what you are angling at. It's just like
your car keys.
I know you looked on docs.sun.com, but here is something to look at.
The smart card manpages are also quite informative (under Solaris 8
anyway). "man -k card" yielded a few. "man -s 5 smartcard" would be
a fairly OK starting point.
__o Bradley Arlt Security Team Lead
_ \<_ arlt () cpsc ucalgary ca University Of Calgary
(_)/(_) I should be biking right now. Computer Science