On 20.6.2014 20:23, Simo Sorce wrote:
On Fri, 2014-06-20 at 20:04 +0200, Petr Spacek wrote:
ipk11Private;privatekey: TRUE
ipk11Private;publickey: FALSE


can these two ever hold a different value ?
ie a privatekey be FALSE and a publickey be TRUE ?

If not I suggest you do not add this attribute at all and assume their
value ?

+1, we can use default values for most, if not all of the boolean flag attributes. Personally, I would try to avoid using ipk11 attributes until the PKCS#11 module is designed/implemented.

(btw I forgot what's the point of that attribute)

When it is true, a user may not access the object until the user has been authenticated to the token (what PKCS#11 spec says).


Simo.



--
Jan Cholasta

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to