On Mon, Oct 06, 2008 at 04:09:40PM -0500, Douglas E. Engert wrote: > >>OpenSC and the smartcard are providers in PKCS#11. If it is providing > >>crypto to the system, it is available to be used. Granted no one would > >>ever want a smartcard to do the crypto ops, but there is nothing in > >>PKCS#11 to stop it.. > > > >Is there any way to provide a provider preference order so that > >smartcards are never used for crypto other than in relation to > >non-extractable keys? > > Good question. And to associate a provider with a user or session, > i.e. smart card at the console is only for the user at the console.
I think that's doable through logindevperm(4). Nico --
