[Bug 2652] PKCS11 login skipped if login required and no pin set

bugzilla-daemon at bugzilla.mindrot.org
Fri Feb 23 23:55:38 AEDT 2018


https://bugzilla.mindrot.org/show_bug.cgi?id=2652

--- Comment #13 from Daniel Kucera <openssh at danman.eu> ---
(In reply to Jakub Jelen from comment #12)
> 
> Prompting for the PIN for public key operations is nothing we would
> like to do automatically, so there really should be some switch to
> do the login before listing the keys or the login should be proposed
> explicitly by, for example, a PIN in the PKCS#11 URI.

I see two reasonable options here: either check the return value of all
functions for the CKR_USER_NOT_LOGGED_IN return code and retry them after
login, or always log in when CKF_LOGIN_REQUIRED is set.

Moreover, you are not required to enter the PIN every time you call
login with a NULL PIN. In my case the library asks for it only from time
to time (you can see my use case here:
https://blog.danman.eu/ssh-autentifikacia-s-eid-obcianskym-preukazom-pod-linuxom/
), probably because it keeps the session with the card open.

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
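
The two options named in comment #13, written out as an added example; this is not code from the original message or from OpenSSH. `mock_token`, `mock_login` and `mock_op` are hypothetical stand-ins for a PKCS#11 module (constructed for illustration), and the mock assumes a token that refuses some calls before login while allowing others.

```c
/* Constant values as defined in the PKCS#11 headers. */
#define CKR_OK                 0x000UL
#define CKR_USER_NOT_LOGGED_IN 0x101UL
#define CKF_LOGIN_REQUIRED     0x004UL

/* Constructed stand-in for a token; not a real PKCS#11 module. */
struct mock_token {
    unsigned long flags; /* as in CK_TOKEN_INFO.flags */
    int logged_in;
    int login_calls;     /* each call may mean a PIN prompt for the user */
};

/* Stand-in for C_Login with a NULL PIN (the module obtains the PIN itself). */
static unsigned long mock_login(struct mock_token *t)
{
    t->login_calls++;
    t->logged_in = 1;
    return CKR_OK;
}

/* Stand-in for any call; needs_auth marks one the token refuses before login. */
static unsigned long mock_op(struct mock_token *t, int needs_auth)
{
    if (needs_auth && (t->flags & CKF_LOGIN_REQUIRED) && !t->logged_in)
        return CKR_USER_NOT_LOGGED_IN;
    return CKR_OK;
}

/* Option 1: call first; on CKR_USER_NOT_LOGGED_IN log in and retry once. */
unsigned long op_retry_after_login(struct mock_token *t, int needs_auth)
{
    unsigned long rv = mock_op(t, needs_auth);
    if (rv == CKR_USER_NOT_LOGGED_IN && (rv = mock_login(t)) == CKR_OK)
        rv = mock_op(t, needs_auth);
    return rv;
}

/* Option 2: always log in first when the token sets CKF_LOGIN_REQUIRED. */
unsigned long op_login_always(struct mock_token *t, int needs_auth)
{
    unsigned long rv = CKR_OK;
    if ((t->flags & CKF_LOGIN_REQUIRED) && !t->logged_in)
        rv = mock_login(t);
    return rv == CKR_OK ? mock_op(t, needs_auth) : rv;
}
```

Both options complete a call that needs authentication with a single login; they differ on calls the token would have served anyway, where option 2 still triggers a login and option 1 does not.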

