DEFAULT_PKCS11_WHITELIST on 64-bit Linux systems
imorgan at nas.nasa.gov
Thu Dec 29 09:35:32 AEDT 2016
On RHEL 6/amd64, the stock value for DEFAULT_PKCS11_WHITELIST is not
very useful. On such systems, /usr/lib64/* would need to be added to the
pattern list. Although users can specify the -P option every time they
launch ssh-agent, it might be nice to provide a means to specify a
default whitelist at build-time.
It's tempting to suggest that configure should automatically supply a
reasonable value for the whitelist based on the platform, but supporting
an option to configure would seem to be the simpler and safer solution.
% ./configure --with-default-pkcs11-whitelist="/usr/lib64/*"
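The following is an added example, not part of the original post and not OpenSSH code: a small model of a comma-separated pattern-list check, showing why a provider under /usr/lib64 is refused until a matching pattern is added. It assumes the stock whitelist is `/usr/lib/*,/usr/local/lib/*` (the post does not quote it); the function names and the sample module paths are constructed for illustration.

```python
import re

# Assumption: stock whitelist value; the post does not quote it.
STOCK_WHITELIST = "/usr/lib/*,/usr/local/lib/*"


def _to_regex(pattern):
    """Translate a pattern: '*' is any run of characters (including '/'),
    '?' is exactly one character, everything else is literal."""
    parts = []
    for ch in pattern:
        if ch == "*":
            parts.append(".*")
        elif ch == "?":
            parts.append(".")
        else:
            parts.append(re.escape(ch))
    return re.compile("".join(parts), re.DOTALL)


def provider_allowed(canonical_path, whitelist):
    """Model of the pattern-list check (hypothetical helper).

    A matching '!pattern' rejects immediately; otherwise at least one
    positive pattern must match. Pass the symlink-resolved provider path:
    the check is only meaningful on a canonical path.
    """
    allowed = False
    for entry in whitelist.split(","):
        if not entry:
            continue
        negated = entry.startswith("!")
        if negated:
            entry = entry[1:]
        if _to_regex(entry).fullmatch(canonical_path):
            if negated:
                return False
            allowed = True
    return allowed


# Constructed sample provider paths.
SAMPLES = ["/usr/lib/opensc-pkcs11.so", "/usr/lib64/opensc-pkcs11.so",
           "/home/user/module.so"]

if __name__ == "__main__":
    extended = STOCK_WHITELIST + ",/usr/lib64/*"
    for path in SAMPLES:
        print(path, provider_allowed(path, STOCK_WHITELIST),
              provider_allowed(path, extended))
```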