SmartCards, BSD and Linux?
Gilles Cherix asks: "I just came back from an IT Expo where Sun demonstrated their brand new SunRay appliances. These are cool and cute little boxes with a smart card reader ... the card is used for authentication and everything is executed from a Sparc server. I'm wondering if my favorite Open Source operating systems can do something similar: that is, if there is support for smartcard reader/writers in *BSD or Linux. The rest is a question of some coding but that would be an interesting alternative for me since I have to manage new accounts every day and I don't want to spend very much money for Sun hardware."
the real question... (Score:2)
At my university [www.dtu.dk] we have a shitload of Sunray2's terminals. They have a smartcard reader, which is, as the person asks, used for authentication. This is the way it works: instead of logging in and out, you just throw in your smartcard. This is not the cool part, the cool part is, that, when you insert your card, your desktop comes up exactly like you left it. Programs and files open, window positions, the works.
So, getting the authentication part should be possible, but getting the "desktop popping up the way you left it" is the tricky part, at least if you ask me.
or else I'm just drunk and babbling about stuff I don't get...?
Desktop state (Score:2)
Not on any existing Linux... (Score:3)
You should have paid attention to the tech specs, or asked more questions....
That's not Ethernet running out of there. Well, it's Ethernet hardware, but it's a proprietary transport. The abstraction necessary to get such a setup working is not anywhere close to being implemented. The entire Sound and Video format is rewritten to be abstracted from the actual display/audio hardware. It works something like this, though I'm not sure of the "real" details....
X Framebuffer/Sound buffer --> Abstraction layer --> Session Manager --> Transport driver --> SunRay --> Abstraction realizer --> Display Hardware
We probably have the working of the display and sound abstractors (Virtual Framebuffers and the architecture of ESound), but the rest will all have to be implemented. The speed of the thing comes from the fact that all of the abstraction/encoding/decoding is done in hardware. Software abstraction and realization will be VERY slow and prohibitive of just running cheap standalone Linux systems.
In addition, the packages to make the server a SunRay server change the session management of the processes run by a user, in that it needs to be able to intelligently stop and start (not kill and restart) processes as displays attach and reattach, and handle extended swapping and reallocating of resources. The fact that it's a smartcard controlling it is trivial compared to the engineering needed to get the process working. For that matter, you can just encode a small PAM module that lives on the client to authenticate by fingerprints, voice, or whatever.
If you get it figured out, more power to you :)
M.U.S.C.L.E. (Score:3)
Re:the real question... security hazard (Score:1)
This means with only the smartcard, which can be replicated or used without your knowledge by another party, people other than you can access your data.
It is much easier to get hold of another person's smartcard than their login/pass.
From a security perspective the smartcard isn't bad, and in combination with login/pass it even enhances security.
Humm, will the smartcard be replaced by fingerprints and eyeprints in the future?
NAS + VNC + MUSCLE + a bit of glue? (Score:2)
Re:NAS + VNC + MUSCLE + a bit of glue? (Score:1)
Re:NAS + VNC + MUSCLE + a bit of glue? (Score:1)
The point isn't using the server to run apps, the cool part of this is this:
I work in one physical location. Work work work work oops, problem at our data center. Start problem analyzer, leave running. Yank smart card from terminal, all logged out. Drive to data center. Plug smart card back in. *poof* There's my screen again, with all the stuff I was running when I left my office. In the meantime, someone comes to my office area to visit. Needs computer access. Pull out the guest SmartCard, pop it into the terminal on my desk, and *poof* again, new login session.
This kinda stuff is very ideal for extremely-thin client stuff, and for your typical sysadmin who really doesn't _need_ a PC cause all the work is done on the remote servers anyway...all he really needs is an X display.
As far as using cheap PCs...the list price for these things, IIRC, is about $500, monitor not included. I dunno if you can put a respectable workstation together for $500 anymore (Celerons notwithstanding, I hate lobotomized processors).
ChipDrive linuxpack (Score:1)
The box indicates that there are developer tools at linuxnet [linuxnet.com].