From mboxrd@z Thu Jan 1 00:00:00 1970 Message-ID: <3F0ED4B3.4B140151@princeton.edu> From: Martin Harriss MIME-Version: 1.0 To: 9fans@cse.psu.edu Subject: Re: [9fans] pop3 before smtp References: <967768cb40aa71d536446da30109cc15@plan9.bell-labs.com> <01ed01c34740$aa416f80$b9844051@insultant.net> <20030711150306.GB26212@wilbur.25thandClement.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Date: Fri, 11 Jul 2003 11:16:03 -0400 Topicbox-Message-UUID: f612ea4c-eacb-11e9-9e20-41e7f4b1d025 William Ahern wrote: > > On Fri, Jul 11, 2003 at 02:09:15AM +0200, boyd, rounin wrote: > > at some point when the bank [french] were talking about doing > > X.509 stuff and random things with their clients i suggested > > they stuck the certs on a chip/smart card (the things being > > rampant in france since a govt decree in 1991) and jamming > > it into a reader. when it dies it's dead and then you use some > > other channel to renew it. > > > > I bought a 10-pack of Schlumberger cryptocards (RSA operations computed > on-chip, plus the USB controller is on-chip so there's no need to carry > around a card reader everywhere). I've been meaning to setup a completely > password-less system for login to my personal machines, as well as > authentication to my servers via ssh. Now I'm writing an Apache module to > interface w/ BSD Auth (similar to PAM), so it can all integrate w/ the web > sites as well. > > The only problem is I can't get the damn thing to get recognized in > Linux.... Supposedly everybody and their uncle has gotten it to work in a > snap. *sigh* > > Interactive password systems stink, but like many other sticky subjects, > where's the alternative? (tho in an all Windows environment I've read its > fairly workable). But now these cards become bearer instruments. You steal the card, you have access. Methinks you need at least a PIN to validate the card. Martin