smart cards (was: OpenSSH daemon security bug?)
Markus Friedl
markus.r.friedl at arcor.de
Thu Jan 7 22:34:31 EST 2010
On Wed, Jan 06, 2010 at 07:40:22AM -0500, Jim Rees wrote:
> I thought the pkcs11 patches were already in. What's the hold up? Is it
> the PIN caching, separation into an agent, or something else?
last time i checked there have been some issues, including the size
of the patches, and that pkcs#11 support should replace both the
old opensc and openbsd only (#define SMARTCARD) code. the obsolete
code should go away. moreover, -# is a poor choice for a command
line option; the problems with the agent protocol have not been
resolved, etc. i'll try to work on this during the next weeks, but
right now i don't have working pkcs#11/smartcard gear on openbsd.
-m
More information about the openssh-unix-dev
mailing list