Hello, a debian user reported this bug. I've confirmed that it is in fact the case. The attached diff should fix the discrepancy.
-- Eric Dorland <[EMAIL PROTECTED]> ICQ: #61138586, Jabber: [EMAIL PROTECTED]
--- Begin Message ---Package: libopensc2 Version: 0.11.4-2 Severity: minor According to the comment for option lock_login in opensc.conf as shipped in the Debian package, the option defaults to true. Trial and error indicates that this comment is incorrect, and the default for lock_login is actually set to false. Please adjust. Thanks, Mark -- Vorstand/Board of Management: Dr. Bernd Finkbeiner, Dr. Florian Geyer, Dr. Roland Niemeier, Dr. Arno Steitz, Dr. Ingrid Zech Vorsitzender des Aufsichtsrats/ Chairman of the Supervisory Board: Prof. Dr. Hanns Ruder Sitz/Registered Office: Tuebingen Registergericht/Registration Court: Stuttgart Registernummer/Commercial Register No.: HRB 382196
--- End Message ---
diff --git a/etc/opensc.conf.in b/etc/opensc.conf.in
index 36aeba8..5d7d609 100644
--- a/etc/opensc.conf.in
+++ b/etc/opensc.conf.in
@@ -317,20 +317,20 @@ app opensc-pkcs11 {
# slots.
hide_empty_tokens = yes;
- # By default, the OpenSC PKCS#11 module will
- # try to lock this card once you have authenticated
- # to the card via C_Login. This is done so that no
- # other user can connect to the card and perform
- # crypto operations (which may be possible because
- # you have already authenticated with the card).
+ # By default, the OpenSC PKCS#11 module will will not lock
+ # this card once you have authenticated to the card via
+ # C_Login. This may add some risk as other users may connect
+ # to the card and perform crypto operations (which may be
+ # possible because you have already authenticated with the
+ # card). You may consider changing it to true.
#
- # However, this also means that no other application
- # that _you_ run can use the card until your application
- # has done a C_Logout or C_Finalize. In the case of
- # Netscape or Mozilla, this does not happen until
- # you exit the browser.
- # Default: true
- # lock_login = true;
+ # However, if you do, this also means that no other
+ # application that _you_ run can use the card until your
+ # application has done a C_Logout or C_Finalize. In the case
+ # of Netscape or Mozilla, this does not happen until you exit
+ # the browser.
+ # Default: false
+ # lock_login = false;
# Normally, the pkcs11 module will not cache PINs
# presented via C_Login. However, some cards
signature.asc
Description: Digital signature
_______________________________________________ opensc-devel mailing list [email protected] http://www.opensc-project.org/mailman/listinfo/opensc-devel
