From: Alin-Adrian Anton
Organization: Spintech Security Systems
Date: Fri, 05 May 2006 14:24:26 +0300
To: freebsd-hackers@freebsd.org
Cc: Cesar
Subject: Re: Fingerprint Authentication
Message-ID: <445B35EA.5080009@spintech.ro>
In-Reply-To: <445AF8AB.9080008@shapeshifter.se>

Fredrik Lindberg wrote:
>
> The driver should work fine locally. But using it remote (via ssh etc)
> is probably a no-go because verification of the fingerprint records
> is done by UPEK's driver at the hardware level.
>
> The only way as I see it (to even make it possible with UPEK's driver)
> is to have a reader at both the remote machine and the client machine
> and then capture a BioAPI record at the client machine and have the
> server verify it. But that involves transferring the record in a secure
> way to the server.
>

Or simply have a reader on client side, which if correctly authenticated
will issue public-key auth with the server, or sort of.. :)

Not really BioAPI auth, but it enables the user to do remote logins by
putting the finger on the reader..

--
Alin-Adrian Anton
GPG keyID 0x183087BA (B129 E8F4 7B34 15A9 0785 2F7C 5823 ABA0 1830 87BA)
gpg --keyserver pgp.mit.edu --recv-keys 0x183087BA

"It is dangerous to be right when the government is wrong." - Voltaire