PC/SC client and server on two different hosts

Estobuntu (a remastered Kubuntu Lucid Live CD that uses Estonian by default) uses LTSP (Linux Terminal Server Project) and a modified version of ssh to redirect the pcsc-lite client-server communication channel.

The feature has been added in revision r5373 and will be available in pcsc-lite version 1.6.5.

Architecture

• pcscd is running on the remote terminal, where the smart card reader is connected.
• SSH is used to redirect the pcscd socket /var/run/pcscd/pcscd.comm from the client terminal to a file on the server and then used by the libpcsclite.so client library.
• On the server each client session must have its own socket to a different pcscd running on different terminals. So the file is located in the user home directory: $HOME/.pcscd.com

Setup

On the pcscd side the socket /var/run/pcscd/pcscd.comm is redirected by ssh.

On the libpcsclite.so side the redirection is done by configuring the environment variable PCSCLITE_CSOCK_NAME.

$ export PCSCLITE_CSOCK_NAME=$HOME/.pcscd.comm
$ the_program

Issues

This setup cannot use the auto start feature. The auto start feature allows to start the pcscd daemon only when the libpcsclite.so is used by an application. Since the pcscd and libpcsclite.so are now on two different machines it is a bit more complex than just fork+exec. The libpcsclite.so would have to start pcscd on a different machine. This is possible but is not implemented.

Conclusion

This feature could also be used outside of Estobuntu and LTSP.

SSH does not, natively, redirect a Unix domain socket to a remote Unix domain socket. But maybe a simple tool exists for doing just that. If you know something like that please add a comment. One problem is that Unix domain socket can do more than Internet sockets (like transfer a file handle with SCM_RIGHTS or Unix credentials with SCM_CREDENTIALS), but pcsc-lite does not use these services.