| gdm-2.6.0.5.quest | |
|---|---|
| Status: | beta |
| Current: | 1 |
| For VAS: | 3.1 |
| Platforms: | Red Hat Linux 4.0 i386 |
| Resources: | |
| Upstream: | GDM |
| License: | GPL |
| gdm-plugins | |
|---|---|
| Status: | beta |
| Current: | 0.1.0 |
| For VAS: | 3.1.0 |
| Platforms: |
|
| Resources: | |
| License: | GPL |
GDM is a graphical login program for Linux. Typically, it allows login via username and password.
Login using a smartcard is possible, but there is currently no automatic detection of smartcard insertion and removal. Intuitively, a user would expect that if a smartcard is inserted while a "Username:" prompt is displayed, then GDM would recognize the insertion and (eventually) the user would be asked for a PIN. Similarly, a user would expect that if a smartcard is removed while a "PIN:" prompt is displayed, then GDM would cancel the PIN request and restart the login process.
Quest has modified GDM so that smartcard insertion and deletion are recognized. The solution consists of two packages:
- quest-gdm
- A modified version of GDM that allows for the loading of a "PAM prompt plugin". The plugin is activated whenever PAM requests a prompt (such as "Username:" or "PIN:") during authentication. The normal prompt is still displayed, but the plugin may perform internal communication with the GDM process that simulates user entry at that prompt. For architectural reasons, no plugins are provided with this version of GDM.
- gdm-plugins
- A collection of PAM prompt plugins for the modified version of GDM above, which monitor smartcard events. Two plugins are provided: a plugin based on the PKCS#11 interface, and a plugin based on the PC/SC interface. The PKCS#11 plugin is considered more stable and should be used with PAM applications that use PKCS#11 to communicate with the smartcard (such as the PAM smartcard module provided with Vintela Authentication Services (VAS)). The PC/SC plugin is experimental and should not be used with PAM applications that use PKCS#11.
Latest release
- Suite: quest-gdm 2006-11-21
Release: gdm-2.6.0.5.quest.1 (unstable) Platform Filename Type Size Date Show all 4 files | Other gdm releases linux-rhel4 gdm-2.6.0.5-6.quest.1.rhel4.i386.rpm package 3.0MB 20-Nov-2006 gdm-2.6.0.5-7.rhel4.12.quest.1.rhel4.i386.rpm package 3.0MB 20-Nov-2006 Release: gdm-plugins-0.1.0 (unstable) Platform Filename Type Size Date Show all 2 files | Other gdm releases linux-rhel4 gdm-plugins-0.1.0-1.rhel4.i386.rpm package 25kB 20-Nov-2006
Installation Instructions
Install the quest-gdm and gdm-plugins packages with your platform's normal package management tools:
- Linux (RPM)
# rpm -e gdm # rpm -ivh gdm-2.6.0.5-6.quest.1.rhel4.i386.rpm # rpm -ivh gdm-plugins-0.1.0.rhel4.i386.rpm
Post-Installation Instructions
After installing the quest-gdm and gdm-plugins packages, you will need to do the following steps:
- Modify the GDM configuration file (typically
/etc/X11/gdm/gdm.conf
or
/etc/X11/gdm/gdm.conf.factory)
so that GDM will load a prompt plugin.
The PromptPlugin setting of the [greeter] section of the
configuration file must be set to the full path of the required PAM prompt
plugin. It is recommended that the PKCS#11 plugin should be used with
Vintela Authentication Services (VAS):
[greeter] ... PromptPlugin=/usr/lib/gdm/plugins/libpromptpkcs11.so
- Modify the configuration file (if any) for the prompt plugin. For the
PKCS#11 plugin, this will mean specifying the location of the vendor's PKCS#11
library in /etc/X11/gdm/plugins/pkcs11.conf:
[pkcs11] library=/usr/lib/libpkcs11.so # change as required
- As root, restart GDM:
# /usr/sbin/gdm-restart
(or, alternatively, hit ctrl-alt-backspace)
— Geoff Elgey