On 10/29/09 09:48, Darren J Moffat wrote:
> Will Fiveash wrote:
>> On Thu, Oct 29, 2009 at 02:42:22PM +0000, Darren J Moffat wrote:
>>> Wyllys Ingersoll wrote:
>>>> The problem I recall is that I think the SCA6000 requires login even
>>>> for accessing public objects and "pktool list" without the logging in
>>>> resulted in no objects being found.
>>> Hmn, okay at least if I remove CKF_LOGIN_REQUIRED from softtoken
>>> that fixes the most common use case. So maybe leave pktool alone
>>> then.
>>
>> It also sounds like the SCA6000 is broken in regards to requiring login
>> to access public objects.
>
> Not necessarily, in fact that is exactly what CKF_LOGIN_REQUIRED means -
> you have to login. Apparently this is common among FIPS 140-2 certified
> PKCS#11 tokens.
>
> Now if the CA-6000 didn't have CKF_LOGIN_REQUIRED set and you did have
> to login to see public objects then I'd say it was buggy.

We specify CRYPTO_EXTF_LOGIN_REQUIRED which I assume the framework translates into CKF_LOGIN_REQUIRED.

-gary