Security Basics mailing list archives
Re: Smart Card - Sun.
From: Brad Arlt <arlt () cpsc ucalgary ca>
Date: Thu, 7 Nov 2002 16:36:35 -0700
As a caveat, I have not actually used Smart Cards (we can't afford them). I have read a little on them, and seen them in use in a Sun demo lab though (which was really neat). On Thu, Nov 07, 2002 at 09:04:08AM +0100, Jens Johansson wrote:
Hi. I have a Sun Blade 100 workstation, running Solaris 9. The Sun Blade 100 is delivered with Solaris 8, wich does not support the smart card reader, Solaris 9 (wich is installed) does tho... My questions here are pretty basic. How does the smart card authentication work ?
There is stuff on the card. The machine makes sure that stuff matches the stuff for a particular user.
What information is stored on the card ?
There can all sorts of stuff. I am not sure on the specifics. There seemed to be a lot of papers on bitpipe.com. They have a Smart Card section, but also just search for "smart card".
How's the security ?
The same as a key on your key chain.
What do i achive using this authentication method ?
There is a SmartCard PAM module under Solaris 8, there is *very* likely one under Solaris 9. You could come up with something more exotic, but that should do.
I mean, will i still need a password? like pgp encrypt password phrase?
You can use passwords *and* the smart card, but the way I have seen Sun use them, they treated them like ignition keys in a car. Stuff it in the card reader and hold onto your seat as you are logged in without touching the keyboard. You could probably store some wierd thing on the smart card that was encrypted (somehow) and needs a passphrase to decrypt (the data that was encrypted would be then used during the authentication). But this sounds like a big pain in the rear. You would also do this via PAM (likely).
What happens if i loose my smartcard?
The guy who finds it can use it like you can. Root can reset the card authentication, if that is what you are angling at. Its just like your car keys. I know you looked on docs.sun.com, but here is something to look at. http://docs.sun.com/db/doc/806-7010?q=smart+card The smart card manpages are also quite informative (under Solaris 8 anyway). "man -k card" yeilded a few. "man -s 5 smartcard" would be a fairly OK starting point. ----------------------------------------------------------------------- __o Bradley Arlt Security Team Lead _ \<_ arlt () cpsc ucalgary ca University Of Calgary (_)/(_) I should be biking right now. Computer Science
Current thread:
- Smart Card - Sun. Jens Johansson (Nov 07)
- Re: Smart Card - Sun. Brad Arlt (Nov 08)
- Re: Smart Card - Sun. Dejan (Nov 11)
- Re: Smart Card - Sun. .:[Travis]:. (Nov 08)
- <Possible follow-ups>
- RE: Smart Card - Sun. Hay, Brennan (Contractor) (Nov 08)
- Re: Smart Card - Sun. Brad Arlt (Nov 08)