Gnome Smartcard Login

gdm-2.6.0.5.quest
Status: beta
Current: 1
For QAS: 3.1 or later
Platforms: Red Hat Linux 4.0 i386
Resources:
Upstream: GDM
License: GPL

gdm-plugins
Status: beta
Current: 0.1.0
For QAS: 3.1.0
Platforms:
  • Red Hat Linux 3.0 i386
  • Red Hat Linux 4.0 i386
Resources:
License: GPL

GDM is a graphical login program for Linux. Typically, it allows login via username and password.

Login using a smartcard is possible, but there is currently no automatic detection of smartcard insertion and removal. Intuitively, a user would expect that if a smartcard is inserted while a "Username:" prompt is displayed, then GDM would recognize the insertion and (eventually) the user would be asked for a PIN. Similarly, a user would expect that if a smartcard is removed while a "PIN:" prompt is displayed, then GDM would cancel the PIN request and restart the login process.

Quest has modified GDM so that smartcard insertion and removal are recognized. The solution consists of two packages:

quest-gdm
A modified version of GDM that allows for the loading of a "PAM prompt plugin". The plugin is activated whenever PAM requests a prompt (such as "Username:" or "PIN:") during authentication. The normal prompt is still displayed, but the plugin may perform internal communication with the GDM process that simulates user entry at that prompt. For architectural reasons, no plugins are provided with this version of GDM.
gdm-plugins
A collection of PAM prompt plugins for the modified version of GDM above, which monitor smartcard events. Two plugins are provided: a plugin based on the PKCS#11 interface, and a plugin based on the PC/SC interface. The PKCS#11 plugin is considered more stable and should be used with PAM applications that use PKCS#11 to communicate with the smartcard (such as the PAM smartcard module provided with Quest Authentication Services (QAS)). The PC/SC plugin is experimental and should not be used with PAM applications that use PKCS#11.

Latest release

Suite: quest-gdm 2006-11-21
Release: gdm-2.6.0.5.quest.1 (unstable)
Platform     Filename                                       Type     Size    Date
linux-rhel4  gdm-2.6.0.5-6.quest.1.rhel4.i386.rpm           package  3.0 MB  2006-11-20
             gdm-2.6.0.5-7.rhel4.12.quest.1.rhel4.i386.rpm  package  3.0 MB  2006-11-20

Release: gdm-plugins-0.1.0 (unstable)
Platform     Filename                                       Type     Size    Date
linux-rhel4  gdm-plugins-0.1.0-1.rhel4.i386.rpm             package  25 kB   2006-11-20

Installation Instructions

Install the quest-gdm and gdm-plugins packages with your platform's normal package management tools:

Linux (RPM)
# rpm -e gdm
# rpm -ivh gdm-2.6.0.5-6.quest.1.rhel4.i386.rpm
# rpm -ivh gdm-plugins-0.1.0-1.rhel4.i386.rpm

Post-Installation Instructions

After installing the quest-gdm and gdm-plugins packages, complete the following steps:

  1. Modify the GDM configuration file (typically /etc/X11/gdm/gdm.conf or /etc/X11/gdm/gdm.conf.factory) so that GDM will load a prompt plugin. The PromptPlugin setting in the [greeter] section of the configuration file must be set to the full path of the required PAM prompt plugin. The PKCS#11 plugin is recommended for use with Quest Authentication Services (QAS):
    [greeter]
    ...
    PromptPlugin=/usr/lib/gdm/plugins/libpromptpkcs11.so
    
  2. Modify the configuration file (if any) for the prompt plugin. For the PKCS#11 plugin, this will mean specifying the location of the vendor's PKCS#11 library in /etc/X11/gdm/plugins/pkcs11.conf:
    [pkcs11]
      library=/usr/lib/libpkcs11.so # change as required
    
  3. As root, restart GDM:
    # /usr/sbin/gdm-restart
    (or, alternatively, press Ctrl-Alt-Backspace)
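
Both settings above name shared libraries that are loaded by path during login, so it is worth confirming before the restart that each path is absolute, exists, and cannot be replaced by an unprivileged user. The script below is an added example, not part of Quest's packages or the original page; the function names, the root-ownership expectation and the handling of a trailing "# comment" are assumptions.

```shell
#!/bin/sh
# Added example: audit the shared libraries named in gdm.conf and pkcs11.conf.
# Usage: sh audit.sh /etc/X11/gdm/gdm.conf /etc/X11/gdm/plugins/pkcs11.conf

# conf_value FILE SECTION KEY: print KEY's value from [SECTION].
# Assumption: a trailing " # comment" (as in the pkcs11.conf sample) is not
# part of the value; the plugin's real parser may treat it differently.
conf_value() {
    awk -v sec="[$2]" -v key="$3" '
        { sub(/[ \t]+#.*$/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }
        /^\[/ { insec = ($0 == sec); next }
        insec && (i = index($0, "=")) {
            k = substr($0, 1, i - 1); v = substr($0, i + 1)
            gsub(/[ \t]+$/, "", k); gsub(/^[ \t]+/, "", v)
            if (k == key) { print v; exit }
        }' "$1"
}

# check_lib PATH [OWNER_UID]: PATH must be absolute, a regular file, owned by
# OWNER_UID (default 0, root) and not writable by group or others.
check_lib() {
    p=$1; owner=${2:-0}
    case $p in /*) ;; *) echo "FAIL not an absolute path: $p"; return 1 ;; esac
    [ -f "$p" ] || { echo "FAIL missing or not a regular file: $p"; return 1; }
    set -- $(stat -L -c '%u %a' "$p")   # GNU stat: owner uid, octal mode
    [ "$1" = "$owner" ] || { echo "FAIL owner uid $1, want $owner: $p"; return 1; }
    [ $(( 0$2 & 022 )) -eq 0 ] || { echo "FAIL writable by group/other ($2): $p"; return 1; }
    echo "ok   $p"
}

# audit_gdm_plugins GDM_CONF PKCS11_CONF [OWNER_UID]: returns 1 if either
# [greeter] PromptPlugin or [pkcs11] library fails check_lib.
audit_gdm_plugins() {
    rc=0
    plugin=$(conf_value "$1" greeter PromptPlugin)
    library=$(conf_value "$2" pkcs11 library)
    check_lib "${plugin:-<PromptPlugin not set>}" "${3:-0}" || rc=1
    check_lib "${library:-<library not set>}" "${3:-0}" || rc=1
    return $rc
}

if [ $# -ge 2 ]; then audit_gdm_plugins "$@"; fi
```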

— Geoff Elgey