lock_login default

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

lock_login default

Andreas Jellinghaus-2
On Friday 23 September 2005 09:43, Martin Paljak wrote:
> lock_login should be set to false in opensc.conf pkcs11 section (what
> is done in the 'mp' series to allow java applets access the card as
> well as windows CSP be used when pkcs#11 is in use too...

I don't know the problematic myself good enough to decide this.
What does everyone else suggest?

Andreas
_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc.org/cgi-bin/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: lock_login default

Nils Larsch
Andreas Jellinghaus wrote:
> On Friday 23 September 2005 09:43, Martin Paljak wrote:
>
>>lock_login should be set to false in opensc.conf pkcs11 section (what
>>is done in the 'mp' series to allow java applets access the card as
>>well as windows CSP be used when pkcs#11 is in use too...
>
>
> I don't know the problematic myself good enough to decide this.
> What does everyone else suggest?

the reason for the lock_login was, as far as I remember,
to prevent other applications from using authentication state
acquired by the pkcs11 app. However as the pkcs11 should
logout once it's has finished one operation it might be safe
to set lock_login to "false" as default (this of course assumes
that the card supports some kind of logout command, and not
every card does this afaik).
As it's not really nice that one long living pkcs11 could block
the card for other applications I think it's acceptable to set
the default value to "false" ... just my opinion.

Cheers,
Nils
_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc.org/cgi-bin/mailman/listinfo/opensc-devel