On Tue, Sep 30, 2008 at 1:49 AM, Huie-Ying Lee <[EMAIL PROTECTED]> wrote:
> Ludovic Rousseau wrote:
>>
>> Hello,
>>
>> On Sat, Sep 27, 2008 at 12:27 AM, Huie-Ying Lee <[EMAIL PROTECTED]>
>> wrote:
>>
>>>
>>> The pam_pkcs11 module assumpts that all PKCS#11 tokens are smartcards,
>>> so
>>> it will display "Smart card" key word in the PAM prompt message.
>>> However,
>>> most of the PKCS#11 tokens are not Smart cards. so we modified some
>>> prompt
>>> messages to avoid confusion when
>>> we ported this module to Solaris OS.
>>>
>>
>> What are your PKCS#11 tokens? USB tokens?
>>
>>
>
> Any PKCS#11 tokens, smartcard or no smartcard.
>
>> I agree with Bob, explicitly using "PKCS#11 slot" is not
>> understandable by most users.
>>
>>
>
> Right. I agreed with Bob's comcern about the "PKCS#11" keyword in the
> prompt also.
> How about changing the "Found the PKCS#11 slot with a token." message to
> "Found the slot with a token" ?
> Any suggestion about the message ?
>
>> I propose to use a configuration here. The default name would be
>> "smart card" but the admin could use "secure token" or whatever else
>> We could add a "token_name" parameter in the pkcs11_module
>> configuration.
>>
>> # NSS (Network Security Service) config
>> pkcs11_module nss {
>> nss_dir = /etc/ssl/nssdb;
>> crl_policy = none;
>> token_name = "secure slot"
>> }
>>
>> Comments?
>
> Good idea. But I prefer to use "token_type" than token_name.
No objection for "token_type".
Can you propose a patch to implement these changes?
Regards,
--
Dr. Ludovic Rousseau
_______________________________________________
opensc-devel mailing list
[email protected]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
