Dimitri Puzin 90403d09d3 add pcsc-lite 1.8.13-1 from testing 6 years ago

README.polkit

When pcsc-lite is compiled using the --enable-polkit option then
polkit will be used to control access to the pcsc-lite daemon.

This allows finer-grained access control to smart cards, tied to
the system processes rather than depending solely on the smart
card's own controls (e.g., only console users can access the card,
and so on).

Polkit is documented at:
http://www.freedesktop.org/software/polkit/docs/latest/polkit.8.html

A default polkit policy is shipped with pcsc-lite in
org.debian.pcsc-lite.policy. The policy file allows restricting access
to the daemon as well as access to smart cards.

Polkit allows for additional rules, e.g., restricting access to
particular smart cards. The rules are JavaScript files placed
in /usr/share/polkit-1/rules.d/. To make a specific smart card
reader accessible to the web server (running as the www-data user),
you may use the following rules:

    // Allow www-data to access the card in one named reader.
    polkit.addRule(function(action, subject) {
        if (action.id == "org.debian.pcsc-lite.access_card" &&
            action.lookup("reader") == 'name of reader' &&
            subject.user == "www-data") {
            return polkit.Result.YES;
        }
    });

    // Allow www-data to access the pcsc-lite daemon itself.
    polkit.addRule(function(action, subject) {
        if (action.id == "org.debian.pcsc-lite.access_pcsc" &&
            subject.user == "www-data") {
            return polkit.Result.YES;
        }
    });


Note that the name of the reader can be obtained using "opensc-tool -l"
or "pcsc_scan".
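
The two rules above can be checked before they are installed. The
following is an added example, not part of pcsc-lite or of the original
README: it runs the same rules against a minimal stand-in for the polkit
object and shows that only www-data on the named reader gets an explicit
YES, while every other request is left to the defaults in the policy
file. makePolkit, evaluate, decide and the reader name are assumptions
made for illustration.

```javascript
// Minimal stand-in for the "polkit" object that polkitd gives to rules files.
// Assumption: only addRule, Result, action.lookup and subject.user are modelled.
function makePolkit() {
    const rules = [];
    const Result = { YES: "yes", NO: "no", NOT_HANDLED: "not_handled" };
    return {
        Result,
        addRule(fn) { rules.push(fn); },
        // Hypothetical helper (not a polkit API): ask the rules in order and
        // return the first answer; "fallthrough" means no rule decided.
        evaluate(actionId, details, user) {
            const action = { id: actionId, lookup: (key) => details[key] };
            const subject = { user };
            for (const rule of rules) {
                const r = rule(action, subject);
                if (r !== undefined && r !== null && r !== Result.NOT_HANDLED) return r;
            }
            return "fallthrough";
        },
    };
}

const READER = "Constructed Reader 00 00"; // constructed sample reader name
const ACCESS_CARD = "org.debian.pcsc-lite.access_card";
const ACCESS_PCSC = "org.debian.pcsc-lite.access_pcsc";

// The README's two rules, with the reader name taken from READER.
function loadRules(polkit) {
    polkit.addRule(function(action, subject) {
        if (action.id == ACCESS_CARD &&
            action.lookup("reader") == READER &&
            subject.user == "www-data") {
            return polkit.Result.YES;
        }
    });
    polkit.addRule(function(action, subject) {
        if (action.id == ACCESS_PCSC && subject.user == "www-data") {
            return polkit.Result.YES;
        }
    });
}

function decide(actionId, reader, user) {
    const polkit = makePolkit();
    loadRules(polkit);
    return polkit.evaluate(actionId, { reader }, user);
}

console.log(decide(ACCESS_CARD, READER, "www-data"));            // yes
console.log(decide(ACCESS_CARD, "Other Reader 00", "www-data")); // fallthrough
console.log(decide(ACCESS_CARD, READER, "alice"));               // fallthrough
```

A "fallthrough" result means the rules made no decision, so the defaults
in org.debian.pcsc-lite.policy apply to that request.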