[Thinlinc-technical] server side smartcard support + Igel?

[Per Andersson]

Hi all!

I am running a set-up with CentOS 7.6 server running Thinlinc 4.8.1 and 
Igel U3-lx clients, using smart card authentication. For security 
reasons I have unfortunately very little control over what versions of 
the software I can use and what updates I can make.

The server is often bogged down by multiple instances of gsd-smartcard, 
escd and xulrunner for different users running amok, using all of the 
cpu resources on the fairly powerful server (24 cores, 128 GB memory for 
7 users). I know that Gnome leaves much to wish for when it comes to 
garbage collect and resource management, but that's what we are stuck 
with. This problem has been persistent through CentOS 6 and all of 
incarnations of CentOS 7 that we have used so I don't think the Gnome 
project is going to solve the actual problem with the smart card support 
any day soon...

My question is whether smart card support on the server side is needed 
or if all the magic happens on the client side? If possible I would like 
to turn off the esc daemon and gsd-smartcard but I have not been able to 
find any information in any documentation if that is possible with our 
set-up, and I can't experiment in the production environment. As I 
understand it, by removing the support all together the necessary 
modules in PAM also are removed, but would it be possible to keep the 
support for smart cards and just turn the daemons off on the server, or 
is the thinlinc server software and/or the server authentication system 
relying on them even though the actual handling of the smart cards are 
performed on the client side?

Best regards

Per