[Thinlinc-technical] server side smartcard support + Igel?
perand at foi.se
Thu May 16 10:59:34 CEST 2019
I am running a set-up with CentOS 7.6 server running Thinlinc 4.8.1 and
Igel U3-lx clients, using smart card authentication. For security
reasons I have unfortunately very little control over what versions of
the software I can use and what updates I can make.
The server is often bogged down by multiple instances of gsd-smartcard,
escd and xulrunner for different users running amok, using all of the
cpu resources on the fairly powerful server (24 cores, 128 GB memory for
7 users). I know that Gnome leaves much to wish for when it comes to
garbage collect and resource management, but that's what we are stuck
with. This problem has been persistent through CentOS 6 and all of
incarnations of CentOS 7 that we have used so I don't think the Gnome
project is going to solve the actual problem with the smart card support
any day soon...
My question is whether smart card support on the server side is needed
or if all the magic happens on the client side? If possible I would like
to turn off the esc daemon and gsd-smartcard but I have not been able to
find any information in any documentation if that is possible with our
set-up, and I can't experiment in the production environment. As I
understand it, by removing the support all together the necessary
modules in PAM also are removed, but would it be possible to keep the
support for smart cards and just turn the daemons off on the server, or
is the thinlinc server software and/or the server authentication system
relying on them even though the actual handling of the smart cards are
performed on the client side?
More information about the Thinlinc-technical