[Bug 2638] New: Honor PKCS#11 CKA_ALWAYS_AUTHENTICATE attribute of the private objects
bugzilla-daemon at bugzilla.mindrot.org
bugzilla-daemon at bugzilla.mindrot.org
Fri Nov 11 22:09:12 AEDT 2016
https://bugzilla.mindrot.org/show_bug.cgi?id=2638
Bug ID: 2638
Summary: Honor PKCS#11 CKA_ALWAYS_AUTHENTICATE attribute of the
private objects
Product: Portable OpenSSH
Version: 7.3p1
Hardware: Other
OS: Linux
Status: NEW
Keywords: patch
Severity: enhancement
Priority: P5
Component: Smartcard
Assignee: unassigned-bugs at mindrot.org
Reporter: jjelen at redhat.com
Created attachment 2890
--> https://bugzilla.mindrot.org/attachment.cgi?id=2890&action=edit
[PATCH] Honor PKCS#11 CKA_ALWAYS_AUTHENTICATE attribute of the private
objects
We don't need to care about always_authenticate attribute in case of
simple ssh connections, because the private key operation is
performed only once (immediately after login). But this is a problem in
ssh-agent which can authenticate more connections.
This patch introduces the additional login (the pin is requested using
SSH_ASKPASS if defined) if this attribute is not CK_FALSE.
--
You are receiving this mail because:
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list