Will Fiveash wrote:
> On Thu, Oct 29, 2009 at 02:42:22PM +0000, Darren J Moffat wrote:
>> Wyllys Ingersoll wrote:
>>> The problem I recall is that I think the SCA6000 requires login even for
>>> accessing public objects and "pktool list" without the logging in
>>> resulted in no objects being found.
>> Hmn, okay at least if I remove CKF_LOGIN_REQUIRED from softtoken that fixes
>> the most common use case. So maybe leave pktool alone then.
>
> It also sounds like the SCA6000 is broken in regards to requiring login
> to access public objects.

Not necessarily, in fact that is exactly what CKF_LOGIN_REQUIRED means - you have to login. Apparently this is common among FIPS 140-2 certified PKCS#11 tokens. Now if the CA-6000 didn't have CKF_LOGIN_REQUIRED set and you did have to login to see public objects then I'd say it was buggy.

--
Darren J Moffat
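The rule stated in the reply above, written out as the pre-listing check a tool could run on `CK_TOKEN_INFO.flags`. This is an added example, not code from pktool, softtoken or anyone in the thread. The flag values are the PKCS#11 ones, repeated so it builds without a vendor header; the enum and function names and the flag words in `main` are constructed for illustration.

```c
#include <stdio.h>

/* CK_TOKEN_INFO.flags bits as defined by PKCS#11. */
#define CKF_LOGIN_REQUIRED                0x00000004UL
#define CKF_USER_PIN_INITIALIZED          0x00000008UL
#define CKF_PROTECTED_AUTHENTICATION_PATH 0x00000100UL

/* Hypothetical names for this example. */
enum list_plan { LIST_NO_LOGIN, LIST_PIN_LOGIN, LIST_PAP_LOGIN, LIST_NO_USER_PIN };
enum verdict   { TOKEN_CONSISTENT, TOKEN_SUSPECT };

/* What to do before C_FindObjectsInit when listing public objects. */
enum list_plan plan_listing(unsigned long flags)
{
    if (!(flags & CKF_LOGIN_REQUIRED))
        return LIST_NO_LOGIN;        /* public objects expected without C_Login */
    if (flags & CKF_PROTECTED_AUTHENTICATION_PATH)
        return LIST_PAP_LOGIN;       /* C_Login with a NULL PIN, entry on the device */
    if (!(flags & CKF_USER_PIN_INITIALIZED))
        return LIST_NO_USER_PIN;     /* C_Login(CKU_USER) cannot succeed yet */
    return LIST_PIN_LOGIN;           /* prompt for the PIN, then C_Login(CKU_USER) */
}

/* The reply's test: hiding public objects until login is consistent only
 * when the token advertises CKF_LOGIN_REQUIRED. Counts are public objects
 * (CKA_PRIVATE false) seen before and after C_Login. */
enum verdict check_token(unsigned long flags, int pub_before, int pub_after)
{
    int hidden_until_login = pub_after > pub_before;
    if (hidden_until_login && !(flags & CKF_LOGIN_REQUIRED))
        return TOKEN_SUSPECT;
    return TOKEN_CONSISTENT;
}

int main(void)
{
    /* Constructed flag words, not read from real devices. */
    unsigned long advertises_login = CKF_LOGIN_REQUIRED | CKF_USER_PIN_INITIALIZED;
    unsigned long no_login_flag    = CKF_USER_PIN_INITIALIZED;

    printf("flag set:   plan=%d verdict=%d\n", plan_listing(advertises_login),
           check_token(advertises_login, 0, 3));
    printf("flag clear: plan=%d verdict=%d\n", plan_listing(no_login_flag),
           check_token(no_login_flag, 0, 3));
    return 0;
}
```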