On 10/07/2016 06:56 PM, Ernie Kovak wrote:
Hello -
We're using JSS4 and NSS 3.24 with an OpenSC module to interact with a DoD CAC.
CACs will lock after 3 consecutive bad PIN entries. We're finding that if the
user enters a bad PIN even once, that hard limit is exceeded and the card is
locked.
What version of openSC are you using. OpenSC only recently got CAC
support added to it.
Have you tried coolkey?
I've searched through NSS to see if there's PIN retry logic, but I didn't see
anything, though I quickly got lost in the code so not sure. I'm a java dev...
NSS itself does not retry bad pins, but it does present the application
the opportunity to retry the pin. It has a flag so applications that
cache the pin can know to discard the cached pin on retry. It could be
an error in the JSS pin handler?
Is anyone else running a configuration like this that's seeing this behavior?
Is there a configuration item that might limit the retries?
Thanks!
Ernie
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
