Smart Card redirection PDF Print E-mail
Written by Jay Sorg   
Sunday, 08 September 2013 22:14

 

Smart Cards in Linux generally use a package called PCSC.

You can get the software from PCSC

http://pcsclite.alioth.debian.org/

 

PCSC current design

PCSC uses a daemon and library design.  A system runs one daemon and all the applications on the system that want to use the Smart Cards, make calls into the library.  These calls are passed on to the daemon, through a unix domain socket, which then talks to the hardware.  It does not matter what user on the system is making the call, it still goes the same route.

 

PCSC new design

Each xrdp user that wants to use a redirected Smart Card need to have different path the the Card Reader.  There generally will not be a Smart Card reader plugged into the server.  It is the RDP clients that will have the Smart Card readers.

Two design changes are needed to allow PCSC to run multisession.  The first change is to add a PCSCD daemon standin for chansrv.  Chansrv will act like PCSCD.  It will accept unix domain socket connection like PCSCD and respone based on communication with the client's Smart Card information.  The client's Smart Card communiation is built into RDP as part of the RDPDR static virtual channel.  The second change is to libpcsc.  It should still work as it did before if not in an xrdp session.  It can know if it's in an xrdp session by looking for the XRDP_SESSION environment varabile.  If the variable is there, then use a per user IPC directory, else use the standard /var/run/pcscd directory.

 

 

 

Last Updated on Sunday, 08 September 2013 22:44