On 20.6.2014 20:23, Simo Sorce wrote:
On Fri, 2014-06-20 at 20:04 +0200, Petr Spacek wrote:
ipk11Private;privatekey: TRUE
ipk11Private;publickey: FALSE

can these two ever hold a different value ?
ie a privatekey be FALSE and a publickey be TRUE ?

If not I suggest you do not add this attribute at all and assume their
value ?

+1, we can use default values for most, if not all of the boolean flag attributes. Personally, I would try to avoid using ipk11 attributes until the PKCS#11 module is designed/implemented.

(btw I forgot what's the point of that attribute)

When it is true, a user may not access the object until the user has been authenticated to the token (what PKCS#11 spec says).


Jan Cholasta

Freeipa-devel mailing list

Reply via email to