On Fri, Nov 17, 2006 at 02:47:31PM +0100, Ludovic Rousseau wrote:
> I don't know if pam_pkcs11 can know:
> - that a PIN pad is connected
> - that the PKCS#11 lib will/can use the PIN pad so the PAM module do
> not have to ask for a PIN on the keyboard.
Supposedly, it can.
CKF_PROTECTED_AUTHENTICATION_PATH in CK_TOKEN_INFO.flags.
Try using pkcs11-spy, it pretty-prints CK_TOKEN_INFO on successful
calls to C_GetTokenInfo.
See PKCS#11 v2.11 page 16, 6.7.4 on page 28, page 152 and page 154.
--8<-- framework-pkcs15.c:pkcs15_init_slot()
if (card->card->slot->capabilities & SC_SLOT_CAP_PIN_PAD) {
slot->token_info.flags |= CKF_PROTECTED_AUTHENTICATION_PATH;
sc_pkcs11_conf.cache_pins = 0;
}
-->8--
--8<-- libopensc/reader-ctapi.c:
if (priv->ctapi_functional_units & CTAPI_FU_KEYBOARD)
reader->slot[i].capabilities |= SC_SLOT_CAP_PIN_PAD;
-->8--
--8<-- libopensc/reader-openct.c:
if (data->info.ct_keypad)
reader->slot[i].capabilities |= SC_SLOT_CAP_PIN_PAD;
-->8--
--8<-- libopensc/reader-pcsc.c:
/* Set slot capabilities based on detected IOCTLs */
if (pslot->verify_ioctl || (pslot->verify_ioctl_start &&
pslot->verify_ioctl_finish)) {
char *log_text = "Reader supports pinpad PIN verification";
if (priv->gpriv->enable_pinpad) {
sc_debug(reader->ctx, log_text);
slot->capabilities |= SC_SLOT_CAP_PIN_PAD;
} else {
sc_debug(reader->ctx, "%s %s", log_text, log_disabled);
}
}
-->8--
libopensc/card-belpic.c has a BELPIC_PIN_PAD ifdef and lots of pinpad
code within..
What reader were you using again?
//Peter
_______________________________________________
opensc-devel mailing list
[email protected]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
