On Wed, Oct 08, 2008 at 03:50:16PM -0700, Valerie Bubb Fenwick wrote: > On Wed, 8 Oct 2008, Glenn Barry wrote: > > Does a pkcs11 module outside the crypto framework (that is, not > > installed via cryptoadm) need to be signed in order to be used (legally) > > by an OpenSolaris app (kinit(1) for example)? > > If it is going to be used as part of the cryptographic framework, > then yes, it needs to be signed. If you'd like to use it directly, > instead of using the cryptographic framework, then no, it would > not need to be signed. But, most things in opensolaris link directly > to libpkcs11 when built, which then attaches to the cryptographic > framework. Some things, like browsers, though, can be configured by > the user.
This would be like in.iked.
