[Bug 2638] New: Honor PKCS#11 CKA_ALWAYS_AUTHENTICATE attribute of the  private objects
    bugzilla-daemon at bugzilla.mindrot.org 
    bugzilla-daemon at bugzilla.mindrot.org
       
    Fri Nov 11 22:09:12 AEDT 2016
    
    
  
https://bugzilla.mindrot.org/show_bug.cgi?id=2638
            Bug ID: 2638
           Summary: Honor PKCS#11 CKA_ALWAYS_AUTHENTICATE attribute of the
                     private objects
           Product: Portable OpenSSH
           Version: 7.3p1
          Hardware: Other
                OS: Linux
            Status: NEW
          Keywords: patch
          Severity: enhancement
          Priority: P5
         Component: Smartcard
          Assignee: unassigned-bugs at mindrot.org
          Reporter: jjelen at redhat.com
Created attachment 2890
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2890&action=edit
[PATCH] Honor PKCS#11 CKA_ALWAYS_AUTHENTICATE attribute of the private
objects
We don't need to care about always_authenticate attribute in case of
simple  ssh  connections, because the private key operation is
performed only once (immediately after login). But this is a problem in
 ssh-agent  which can authenticate more connections.
This patch introduces the additional login (the pin is requested using
SSH_ASKPASS if defined) if this attribute is not CK_FALSE.
-- 
You are receiving this mail because:
You are watching the assignee of the bug.
    
    
More information about the openssh-bugs
mailing list