On Mon, Oct 06, 2008 at 01:44:34PM -0700, Anthony Scarpino wrote: > > Note that sc_pkcs11_get_mechanism_list is called with p11card=0x0. > > Ticket #181 gets around this. > > > > I have not tracked down the sshd and login problems yet. > > I am assuming that is related to no mechanism list. > > Just a wild stab here.. If metaslot is enabled, it will retrieve a list > of mechanisms from all the providers. You may try disabling metaslot, > 'cryptoadm disable metaslot', to see if that helps.. > > > Note that sshd should not be using the console user's > > smartcard for any crypto! > > OpenSC and the smartcard are providers in PKCS#11. If it is providing > crypto to the system, it is available to be used. Granted no one would > ever want a smartcard to do the crypto ops, but there is nothing in > PKCS#11 to stop it..
Is there any way to provide a provider preference order so that smartcards are never used for crypto other than in relation to non-extractable keys? Nico --
