On Tue, Oct 07, 2008 at 11:46:10AM -0500, Douglas E. Engert wrote: > More on using OpenSC-0.11.6 with Solaris 10 and > /usr/lib/libpkcs11.so. > > I rebuilt OpenSC to use the OpenSSL from /usr/sfw
Good idea. You don't want to end up with two different versions of OpenSSL in the same process' image (that'd not be supported, first of all, second, you can expect things to fail). > With the metaslot disabled, sshd works, > but it does load the opensc-pkcs11, and if a card > is present, opensc will access the card to get > info need to setup for use with pkcs11. This > adds about 5 seconds to the ssh connection! How could sshd tell OpenSSL/the PKCS#11 engine/libpkcs11/OpenSC, that smartcards need not apply in this code path? One hack might be to use an environment variable that OpenSC might understand to mean: make believe there are no tokens. Another might be a way to tell libpkcs11 not to load OpenSC in this process (also through an env var?). Nico --
