Security Basics mailing list archives
Re: Smart Card - Sun.
From: "Dejan" <sneaker () freemail org mk>
Date: Sat, 9 Nov 2002 18:27:23 +0100
I mean, will i still need a password? like pgp encrypt password phrase?You can use passwords *and* the smart card, but the way I have seen Sun use them, they treated them like ignition keys in a car. Stuff it in the card reader and hold onto your seat as you are logged in without touching the keyboard. You could probably store some wierd thing on the smart card that was encrypted (somehow) and needs a passphrase to decrypt (the data that was encrypted would be then used during the authentication). But this sounds like a big pain in the rear. You would also do this via PAM (likely).
I think you can store all kind of data, but the capacity of the smart card is the limit. Anyways, I was using them for user authentication. The good thing is that you can block the smartcard after 3,4.. invalid enters. So this is quite flexible from secu. perspective.
What happens if i loose my smartcard?The guy who finds it can use it like you can. Root can reset the card authentication, if that is what you are angling at. Its just like your car keys.
Probably you get a newone, and the serviceprovider that is responsible for the smartcards should make the lost card invalid. --- deJan
Current thread:
- Smart Card - Sun. Jens Johansson (Nov 07)
- Re: Smart Card - Sun. Brad Arlt (Nov 08)
- Re: Smart Card - Sun. Dejan (Nov 11)
- Re: Smart Card - Sun. .:[Travis]:. (Nov 08)
- <Possible follow-ups>
- RE: Smart Card - Sun. Hay, Brennan (Contractor) (Nov 08)
- Re: Smart Card - Sun. Brad Arlt (Nov 08)