On 21/12/06, Martin Paljak <[EMAIL PROTECTED]> wrote:
> On 21.12.2006, at 0:25, Faidon Liambotis wrote:
> > [please Cc me on replies]
>
> The point here is: whenever you REQUIRE a PIN in your application, you're probably doing something wrong. Or you must have a really, really good reason for it. A PIN is not like a password you should pass around. Your application, if smartcard enabled, should not in the ideal case even have GUI elements with 'PIN' in it. The best way to approach 'hardware tokens' such as smart cards is to think about issues such as pinpads as early as possible.

You are right, Martin. But PAM was not designed with smart cards in mind. If PAM provides a mechanism to pass the PIN/password/whatever to a subsequent PAM module and this feature is used, we should not disable it just because it is not possible with a pinpad reader.

So I propose to add the "offending" code again and let people benefit from the feature if they want.

An improvement may be to save the PIN only if PKCS11_login() succeeds?

bye,

-- 
Dr. Ludovic Rousseau
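
The ordering proposed in this reply (hand the PIN to later PAM modules only once the token login has succeeded), as an added example that is not part of the original thread or of the project's code. The callback types, `login_then_publish` and the mock backends are hypothetical names; in a real module the callbacks would wrap `PKCS11_login()` and, as an assumption, `pam_set_item()` with `PAM_AUTHTOK`.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical callbacks: login would wrap PKCS11_login(); publish would wrap
 * (assumption) pam_set_item(pamh, PAM_AUTHTOK, pin) and keep its own copy. */
typedef int (*login_fn)(void *token, const char *pin);   /* 0 on success */
typedef int (*publish_fn)(void *pamh, const char *pin);  /* 0 on success */

/* Overwrite the PIN through a volatile pointer so the stores are not elided. */
static void wipe(char *buf, size_t len) {
    volatile char *p = buf;
    while (len--) *p++ = 0;
}

/* Returns 0 if the token accepted the PIN and it was handed on,
 * -1 if login failed (nothing is published), -2 if publishing failed. */
int login_then_publish(void *token, void *pamh, char *pin, size_t pin_len,
                       login_fn login, publish_fn publish) {
    int rc = 0;
    if (login(token, pin) != 0)
        rc = -1;              /* an unverified PIN never reaches later modules */
    else if (publish(pamh, pin) != 0)
        rc = -2;
    wipe(pin, pin_len);       /* the local copy is cleared on every path */
    return rc;
}

/* Constructed stand-ins so the example runs without a card or a PAM stack. */
static char token_pin[] = "1234";
static char published[16];
static int publish_count;
static int mock_login(void *token, const char *pin) {
    return strcmp(pin, (const char *)token) == 0 ? 0 : 1;
}
static int mock_publish(void *pamh, const char *pin) {
    (void)pamh; publish_count++;
    snprintf(published, sizeof published, "%s", pin);
    return 0;
}
/* One login attempt against the mock token. */
int try_pin(const char *entered) {
    char pin[16];
    snprintf(pin, sizeof pin, "%s", entered);
    return login_then_publish(token_pin, NULL, pin, sizeof pin, mock_login, mock_publish);
}
int main(void) {
    int bad = try_pin("0000"), bad_n = publish_count;
    int ok = try_pin("1234");
    printf("wrong PIN rc=%d published=%d; right PIN rc=%d published=%d\n", bad, bad_n, ok, publish_count);
    return 0;
}
```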
