I'm hoping to get some guidance / clue bats / shock and horror in
implementing Smart Card support for XSpice clients.
I think I have a tentative, but sufficient grasp of how the Smart Card
stuff flows from the client into the server. It's not quite as clear
how the server bridges it into qemu, but I think I have the gist of it.
However, that doesn't work for XSpice sessions.
It looks to me that this should be possible. My research suggests that
pam_pkcs11 is pluggable, and that it should be possible to write a
module that would receive the cert information.
So presuming I have a module hook ready to receive certs, the next
question is how to get them there.
The way that 'feels' right to me is to extend the Linux vd_agent to
receive the smart card traffic, and so it is then vd_agent that
communicates with my hypothetical pam hook.
The alternate would be to put it into the spiceqxl_drv.so. That seems
less ideal, but would probably be less code, and wouldn't require
messing with the vdagent protocol.
Thoughts? Comments? Clue bats?
Thanks,
Jeremy
_______________________________________________
Spice-devel mailing list
Spice-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/spice-devel
