Do I understand right, you want to install a further level of security for access to IPFire.
You are welcome in the development team!
Each system has a weakness at the administration level. Because no human is error-free, there must be means to modify and correct the system. In HW systems this is done by new HW modules ( which must be verified!! ), in SW systems this is done by configuration changes and verified modules.
It isn’t easy to manipulate an IPFire system, if the security guidelines are used ( see the blog articles ).
No system is secure in itself. Security is established by embedding in an efficient and effective(!) concept.
Hi,
okay, good to know! I wasn’t aware you showed a highly simplified example.
But I still think it would be better if the dongle only locks/unlocks an existing and proven good configuration file, instead of writing data directly to the system. Isn’t that the weak point, namely write access after login, you criticized earlier?
Either way, if you found a good solution, I would of course be happy if you would share it with the community.
The passwords remain on the IPFire, only the symlink is changed.
I already do that now.
Only I use the VID:PID from the dongel, because I still had a problem with the communication between IPFire and dongel.
what is still to come:
The dongel gets a new ID number every time it is plugged in and the ID is valid.
The Dongelnummer and the ID are administered on a central server, and can be administered if necessary from there (only a thought).