Dear Friends,

I am trying to understand why my card gets locked.

I am testing a legacy crypto card with:
* Evolution configured to load X.509 certificates.
* ssh-add -s /usr/lib/opensc-pkcs11.so (gnome-keyring).
* pam_p11 or pam_pkcs11

At some point, the card gets locked.

# By default, the OpenSC PKCS#11 module will lock your card
# once you authenticate to the card via C_Login.
# This is to prevent other users or other applications
# from connecting to the card and perform crypto operations
# (which may be possible because you have already authenticated
# with the card). Thus this setting is very secure.
#   
# This behavior is a known violation of PKCS#11 specification,
# and is forced due to limitation of the OpenSC framework.
#   
# However now once one application has started using your
# card with C_Login, no other application can use it, until
# the first is done and calls C_Logout or C_Finalize.
# In the case of many PKCS#11 application this does not happen
# until you exit the application.  
#   
# Thus it is impossible to use several smart card aware
# applications at the same time, e.g. you cannot run both
# Firefox and Thunderbird at the same time, if both are
# configured to use your smart card.
#   
# Default: true
lock_login = false;

Any idea? What is the support for lock_login. What information do you
need to debug?

Of course, my setup is PCSC+libCCID.

IMHO this needs to be fixes for OpenSC to become widely used under
GNU/Linux.

Kind regards,
Jean-Michel
-- 
                  Jean-Michel Pouré - Gooze - http://www.gooze.eu

_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

Reply via email to