[Bug 2638] New: Honor PKCS#11 CKA_ALWAYS_AUTHENTICATE attribute of the private objects

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Fri Nov 11 22:09:12 AEDT 2016


https://bugzilla.mindrot.org/show_bug.cgi?id=2638

            Bug ID: 2638
           Summary: Honor PKCS#11 CKA_ALWAYS_AUTHENTICATE attribute of the
                     private objects
           Product: Portable OpenSSH
           Version: 7.3p1
          Hardware: Other
                OS: Linux
            Status: NEW
          Keywords: patch
          Severity: enhancement
          Priority: P5
         Component: Smartcard
          Assignee: unassigned-bugs at mindrot.org
          Reporter: jjelen at redhat.com

Created attachment 2890
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2890&action=edit
[PATCH] Honor PKCS#11 CKA_ALWAYS_AUTHENTICATE attribute of the private
objects

We don't need to care about always_authenticate attribute in case of
simple  ssh  connections, because the private key operation is
performed only once (immediately after login). But this is a problem in
 ssh-agent  which can authenticate more connections.

This patch introduces the additional login (the pin is requested using
SSH_ASKPASS if defined) if this attribute is not CK_FALSE.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list