On Friday 06 May 2011 at 15:41 +0200, Frank Morgner wrote:
> AFAIK, SCardConnect immediately returns an error if an application wants
> to access a reader which is already in exclusive use. Have you tried
> switching on exclusive mode in the configuration file of OpenSC? (Note
> that this does not completely remove security issues.)

Many thanks Frank and Martin, using exclusive mode solved my problem:

Running ssh-add first:
1) Run ssh-add -s /usr/lib/opensc-pkcs11.so => Success
2) Start Iceweasel 4 (based on Firefox 4). The security token is not shown ... which is normal as we are in exclusive mode. Iceweasel is started immediately.

Running firefox first:
1) Start Iceweasel and log in to the token. Iceweasel is started immediately.
2) ssh-add -s /usr/lib/opensc-pkcs11.so => Failure. Which is normal as we are in exclusive mode.

In exclusive mode, the response is fast, almost instantaneous.

In shared mode, I experienced some strange timeouts, waiting for the application to launch. Even when only ONE application is running.

A typical example is ssh-add -s /usr/lib/opensc-pkcs11.so and then run ssh [email protected]. In shared mode you can wait 12 seconds adding the card and 60 more seconds when using ssh. Or more before anything happens. In exclusive mode, it works immediately.

Exclusive mode:
time | ssh-add -s /usr/lib/opensc-pkcs11.so => 8s
time | ssh foo@bar ; exit => 4s
time | ssh-add -e /usr/lib/opensc-pkcs11.so => 2s

Shared mode:
time | ssh-add -s /usr/lib/opensc-pkcs11.so => 12s
time | ssh foo@bar ; exit => fails 50% of the time or is VERY long.

Also, in shared mode, running ssh-add first and then running firefox will block firefox startup.

I wonder if there is not a problem in shared mode or if we should not ask users to use exclusive mode only.

Kind regards,
-- 
Jean-Michel Pouré - Gooze - http://www.gooze.eu
