Re: PAM Slot numbers - trouble understanding the scenario

Dan Yefimov <dan@xxxxxxxxxxxxxxxx> · Tue, 13 Oct 2009 02:25:56 +0400

On 13.10.2009 0:26, Julian Bui wrote:

Hi all,

I'm trying to figure out the options that PAM uses.

One option that caught my eye is the slot number option found in
pam_pkcs11.conf, since this sounds like it could possibly help me map
devices to session logins on a multi-seat desktop.

Anyway, the documentation reads: "
slot_num=<nr>

    Slot-number to use: 1 for the first, 2 for the second and so on. The
    default value is 0, which means to use the first slot with an
    available token."

I am confused as to what the slots are.  This documentation/description
may seem obvious to you guys, but I do not know what it means.  I am
having trouble understanding the hardware setup and the
scenario/usecase.  Is this for multiple security devices (like 3 smart
card readers, for example) ?  Maybe slot_num=2 means it uses the CAC
card in card reader #2 for the login?  Why would this be useful?  How do
you assign IDs to the devices?  Maybe I'm completely misinterpreting
this option.

First of all, the 'slot=' parameter, you meantioned, is global, IOW, it is the 

same for ALL login instances, thus it isn't helpful for multi-seat 

installations. From the excerpt, you provided, it's clear, that the 'slot=' 

parameter is the number of token device to use for logging the user in. The 

number of the particular device depends on the bus scanning order.

--

Sincerely Your, Dan.

_______________________________________________
Pam-list mailing list
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list