From owner-freebsd-hackers@FreeBSD.ORG Fri May 5 07:03:13 2006 Return-Path: X-Original-To: freebsd-hackers@freebsd.org Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 90FC316A402 for ; Fri, 5 May 2006 07:03:13 +0000 (UTC) (envelope-from fli+freebsd-hackers@shapeshifter.se) Received: from mx1.h3q.net (manticore.shapeshifter.se [212.37.5.30]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1AF7243D46 for ; Fri, 5 May 2006 07:03:12 +0000 (GMT) (envelope-from fli+freebsd-hackers@shapeshifter.se) Received: from localhost (localhost [127.0.0.1]) by mx1.h3q.net (Postfix) with ESMTP id A24D01A770; Fri, 5 May 2006 09:03:07 +0200 (CEST) Received: from mx1.h3q.net ([127.0.0.1]) by localhost (mx1.h3q.net [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 82920-08; Fri, 5 May 2006 09:03:06 +0200 (CEST) Received: from [10.0.0.50] (sto-nat.se.tangram-group.net [212.37.5.19]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.h3q.net (Postfix) with ESMTP id CF6381A723; Fri, 5 May 2006 09:03:05 +0200 (CEST) Message-ID: <445AF8AB.9080008@shapeshifter.se> Date: Fri, 05 May 2006 09:03:07 +0200 From: Fredrik Lindberg User-Agent: Thunderbird 1.5.0.2 (X11/20060423) MIME-Version: 1.0 To: Daniel O'Connor References: <00fb01c66fb2$a8e157c0$0501010a@ironman> <445A5F48.60303@spintech.ro> <200605051009.49344.doconnor@gsoft.com.au> In-Reply-To: <200605051009.49344.doconnor@gsoft.com.au> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Scanned: amavisd-new at h3q.net Cc: freebsd-hackers@freebsd.org, aanton@spintech.ro, Cesar Subject: Re: Fingerprint Authentication X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 05 May 2006 07:03:13 -0000 Daniel O'Connor wrote: > On Friday 05 May 2006 05:38, Alin-Adrian Anton wrote: >> http://www.thinkwiki.org/wiki/How_to_enable_the_fingerprint_reader >> >> SSH can do pam authentication. > > Not sure the driver will work in FreeBSD.. > There is bioapi in ports though. > > Oops. looks like ports wins again.. security/bsp_upektfmess > The driver should work fine locally. But using it remote (via ssh etc) is probably a no-go because verification of the fingerprint records are done by UPEKs driver at the hardware level. The only way as I see it (to even make it possible with UPEKs driver) is to have a reader at both the remote machine and the client machine and then capture a BioAPI record at the client machine and have the server verify it. But that involves transferring the record in a secure way to the server. Fredrik Lindberg