Estobuntu (a remastered Kubuntu Lucid Live CD that uses Estonian by default) uses LTSP (Linux Terminal Server Project) and a modified version of ssh to redirect the pcsc-lite client-server communication channel.
The feature has been added in revision r5373 and will be available in pcsc-lite version 1.6.5.
On the
SSH does not, natively, redirect a Unix domain socket to a remote Unix domain socket. But maybe a simple tool exists for doing just that. If you know something like that please add a comment. One problem is that Unix domain socket can do more than Internet sockets (like transfer a file handle with SCM_RIGHTS or Unix credentials with SCM_CREDENTIALS), but pcsc-lite does not use these services.
The feature has been added in revision r5373 and will be available in pcsc-lite version 1.6.5.
Architecture
- pcscd is running on the remote terminal, where the smart card reader is connected.
- SSH is used to redirect the pcscd socket
/var/run/pcscd/pcscd.comm
from the client terminal to a file on the server and then used by thelibpcsclite.so
client library. - On the server each client session must have its own socket to a different pcscd running on different terminals. So the file is located in the user home directory:
$HOME/.pcscd.com
Setup
On thepcscd
side the socket /var/run/pcscd/pcscd.comm
is redirected by ssh.On the
libpcsclite.so
side the redirection is done by configuring the environment variable PCSCLITE_CSOCK_NAME
.$ export PCSCLITE_CSOCK_NAME=$HOME/.pcscd.comm
$ the_program
Issues
This setup cannot use the auto start feature. The auto start feature allows to start thepcscd
daemon only when the libpcsclite.so
is used by an application. Since the pcscd
and libpcsclite.so
are now on two different machines it is a bit more complex than just fork+exec. The libpcsclite.so
would have to start pcscd
on a different machine. This is possible but is not implemented.Conclusion
This feature could also be used outside of Estobuntu and LTSP.SSH does not, natively, redirect a Unix domain socket to a remote Unix domain socket. But maybe a simple tool exists for doing just that. If you know something like that please add a comment. One problem is that Unix domain socket can do more than Internet sockets (like transfer a file handle with SCM_RIGHTS or Unix credentials with SCM_CREDENTIALS), but pcsc-lite does not use these services.
ConversionConversion EmoticonEmoticon