Re: [RFC] Grub2 lock and password implementation

[Vesa Jääskeläinen]

Julien Ranc wrote:
> What is needed / wanted ?

First of all, I do not ask that you code following. They are just to 
test out flexibility of your proposal.

So how would following scenarios work with your proposal?

a) smartcard + ext pin

There is smartcard reader on system with integrated keypad. Smartcard 
accessing software is developed as plugin.

b) smartcard + pc pin

There is smartcard reader on system without integrated keypad. User is 
requested about PIN code on screen and then validated on the card. 
Smartcard accessing software is developed as plugin. PIN code reading 
can be a plugin or generic implementation for password query.

c) RFID verification

There is RFID reader on system. User swipes dongle and gets a code. 
Optional password defined on grub config for user with some hash algo. 
If password would be asked, generic implementation would be used for 
asking it. Verification can be done by custom plugin if needed.

d) smartcard + biometric sensor

There is smartcard and biometric readers on system. User enters his 
smartcard on the reader and gives proper biometric identification to 
sensor. Verification can be done by custom plugin if needed.

e) multiple users

There are group of users that can be allowed to higher access. 
Authenticated with password or user & password pair.

f) network authentication

Authentication by LDAP server. User id and password will be asked. 
Network will be connected if no local authentication information 
available. If LDAP server cannot be contacted access is denied or only 
local sources available. Or alternative some other method like RADIUS or so.

Thanks,
Vesa Jääskeläinen