smart cards (was: OpenSSH daemon security bug?)

Alon Bar-Lev alon.barlev at gmail.com
Thu Jan 7 22:45:40 EST 2010


Why don't you have openbsd working with PKCS#11.
I tested this a while back.

On Thu, Jan 7, 2010 at 1:34 PM, Markus Friedl <markus.r.friedl at arcor.de> wrote:
> On Wed, Jan 06, 2010 at 07:40:22AM -0500, Jim Rees wrote:
>> I thought the pkcs11 patches were already in.  What's the hold up?  Is it
>> the PIN caching, separation into an agent, or something else?
>
> last time i checked there have been some issues, including the size
> of the patches, and that pkcs#11 support should replace both the
> old opensc and openbsd only (#define SMARTCARD) code. the obsolete
> code should go away.  moreover, -# is a poor choice for a command
> line option; the problems with the agent protocol have not been
> resolved, etc.  i'll try to work on this during the next weeks, but
> right now i don't have working pkcs#11/smartcard gear on openbsd.
>
> -m
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
>


More information about the openssh-unix-dev mailing list