Hey, while we're talking features: another feature I really like about
pam_pkcs11 is that, in GDM, you can type your PIN and press enter before
inserting your smartcard. I'm not even sure the feature belongs in
pam_pkcs11 or in gdm, but the behaviour changed when i switched to pam_sss
so I'm thinking the former.
It's a little thing, but its a little annoying to have to wait for the
smart card to be recognized before you can start typing the PIN.
Have a good weekend!
2017-10-20 16:59 GMT+02:00 Winberg, Adam <adam.winberg(a)smhi.se>:
Ok - great work by the way, keep it up!
2017-10-20 16:37 GMT+02:00 Sumit Bose <sbose(a)redhat.com>:
> On Fri, Oct 20, 2017 at 04:25:52PM +0200, Winberg, Adam wrote:
> > Using pam_pkcs11 we can use the parameter 'wait_for_card' to halt the
> > process until a smart card is inserted. Is there any feature like that
> > pam_sss?
> > Use case is to require smart card for logins. With GDM this is
> > via dconf, but with console/tty logins there is no such configuration
> > available as I know of. So with pam_sss you can freely logon to a TTY
> > without using smartcard. Or maybe there is a solution out there I'm
> This is work-in-progress, I'll try to implement missing features from
> pam_pkcs11 step by step.
> > Regards
> > Adam
> > _______________________________________________
> > sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org
> > To unsubscribe send an email to sssd-users-leave(a)lists.fedorahosted.org
> sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org
> To unsubscribe send an email to sssd-users-leave(a)lists.fedorahosted.org