Message-ID: <48372C9C.9070005@nic.fi>
Date: Fri, 23 May 2008 23:44:12 +0300
From: Vesa Jääskeläinen
To: The development of GRUB 2
Subject: Re: [RFC] Grub2 lock and password implementation

Julien Ranc wrote:
> What is needed / wanted ?

First of all, I do not ask that you code the following. They are just to
test out the flexibility of your proposal.

So how would the following scenarios work with your proposal?

a) smartcard + ext pin

There is a smartcard reader on the system with an integrated keypad.
Smartcard accessing software is developed as a plugin.

b) smartcard + pc pin

There is a smartcard reader on the system without an integrated keypad.
The user is asked for the PIN code on screen and it is then validated on
the card. Smartcard accessing software is developed as a plugin. PIN code
reading can be a plugin or a generic implementation for password query.

c) RFID verification

There is an RFID reader on the system. The user swipes a dongle and gets a
code. Optional password defined in the grub config for the user with some
hash algo. If a password would be asked, the generic implementation would
be used for asking it. Verification can be done by a custom plugin if
needed.

d) smartcard + biometric sensor

There are smartcard and biometric readers on the system. The user enters
his smartcard in the reader and gives proper biometric identification to
the sensor. Verification can be done by a custom plugin if needed.

e) multiple users

There is a group of users that can be allowed higher access.
Authenticated with a password or a user & password pair.

f) network authentication

Authentication by LDAP server. User id and password will be asked.
Network will be connected if no local authentication information is
available. If the LDAP server cannot be contacted, access is denied or
only local sources are available. Or alternatively some other method like
RADIUS or so.

Thanks,
Vesa Jääskeläinen