Hello everybody, regarding the (not recent) discussion about the security concept that happened here I've got some thoughts to share. ** SC-reader CAN be seen as an input device like mouse or keyboard - so it belongs to a virtual terminal. In this case the logon process should use the SC-reader to authenticate (via PAM or similar) and - leave a filehandle open like stdin, stdout, stderr - so the SC-reader belongs to THAT virtual terminal. But: if I'm logged on in a linux box on tty1, I can't logon on tty2 without a second reader. - OR create a 600 socket or device or whatever in the users home - so the (already opened) sc-reader is available to this user regardless of the logon-process. If the machine is mostly single-user (as an office machine) this could be a good solution. I'd like this kind of solution as it would allow to lock the console(s) if the card is removed. any other ideas? what did I get wrong? regards, phil *************************************************************** Linux Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/smartcard/index.html ***************************************************************
