On Wed, Oct 28, 2009 at 04:03:07PM -0400, Wyllys Ingersoll wrote:
> Will Fiveash wrote:
> > When I run:
> > pktool list objtype=cert:public
> > I see:
> > Enter PIN for Sun Software PKCS#11 softtoken:
> > Given this is a public object, why am I prompted for my PIN?
>
> Because some tokens require login even for access to public objects.
> The SCA6000 tokens, for example.

The PKCS#11 v2.20 spec states:

  Further classification defines access requirements. Applications are
  not required to log into the token to view "public objects"; however,
  to view "private objects", a user must be authenticated to the token
  by a PIN or some other token-dependent method (for example, a
  biometric device).

Why doesn't the softtoken support this? The current implementation
appears to violate the spec, no?

--
Will Fiveash
Sun Microsystems Office x64079/512-401-1079
Austin, TX, 78727 (TZ=CST6CDT), USA
Internal Solaris Kerberos/GSS/SASL website: http://kerberos.sfbay.sun.com
http://opensolaris.org/os/project/kerberos/