smart card authentication with Linux?

[Paul Lussier]

Bill McGonigle <bill at bfccomputing.com> writes:

> If you don't trust the user to not copy the ssh key off the image (you
> mentioned honest users) and you're not using SELinux and you allow
> them root on their machines then you need a smart-card.

Let's just say that I believe them to be honest, but I'm paranoid, and
a) would like them to stay honest, and b) don't trust them, despite my
beliefs :)

Besides, access to our *customer's* systems is what's at stake here.
I'd like to be able to guarantee that if asked, I can say the only way
to gain access is via the use of the smart cards.  Either we've
accounted for them all, or disabled the access for those which can not
account.
-- 

Seeya,
Paul