- date: 23.03.05
author: CorneliusKoelbel
<cornelius.koelbel AT lsexperts DOT de>
configure eventmgr
The eventmanager can be found in the package pkcs11_login, that is also used for HowTos/eToken_on_Linux and can be downloaded here
http://www.opensc.org/pam_pkcs11/
if you have not done so, yet.
To have the event_manager run with the eToken, you have to tell the event_manager, what pkcs11-lib it should use. Moreover you have to tell, what the event_manager should do, if the eToken is pulled out -> kdesktop_lock. The event_manager has to be started by the user, who has logged in to the system, so that he has the access rights to lock the desktop.
starting the event_manager
You could for example add an entry in .kde/Autostart.
drawback
The one thing I do not like about the event_manager is, that it polls the eToken. Thats bad. It would be nicer to use the usb hotplugging functions...
Who is willing to write good scripts and howtos?
Configuration
The file /etc/pkcs11/pkcs11_eventmgr.conf could look like this:
# Sample pkcs11_eventmgr configuration file
#
pkcs11_eventmgr {
# Run in background. Implies debug=false
daemon = true;
# show debug messages
debug = false;
# polling time in seconds
polling_time = 1;
# expire time in seconds
# default = 0 ( no expire )
expire_time = 0;
# pkcs11 module to use
pkcs11_module = /usr/local/lib/libetpkcs11.so;
#
# list of events and actions
# Card inserted
event card_insert {
# what to do if an action fail?
# ignore : continue to next action
# return : end action sequence
# quit : end program
on_error = ignore ;
# You can enter several, comma-separated action entries
# they will be executed in turn
action = "/usr/bin/play /usr/share/sounds/warning.wav",
"/usr/X11R6/bin/xscreensaver-command -deactivate";
}
# Card has been removed
event card_remove {
on_error = ignore;
action = "/usr/bin/play /usr/share/sounds/error.wav",
"/usr/bin/kdesktop_lock --forcelock";
}
# Too much time card removed
event expire_time {
on_error = ignore;
action = "/bin/false";
}
}