In my ongoing saga to get a private key and certificate on a Feitian 
smart card via the gnome-keyring importer and PKCS#11 ...

I was running into an issue where the PIN would fail to verify, and 
C_CreateObject would return CKR_USER_NOT_LOGGED_IN. I tracked this down 
to the PIN cache. It tries to lock the PIN in memory so it can't be paged.

Sadly the importer process is already using some mlock'd memory, and the 
request to mlock() memory was failing for me, and so any operation that 
needed the PIN was failing, such as deep in the bowels of 
C_CreateObject's PKCS#15 implementation.

In gnome-keyring we handle this case by printing a warning and then 
falling back to use non-mlock() memory. We also have a 
GNOME_KEYRING_PARANOID environment variable configured that prevents 
this behavior.

If this fallback behavior is acceptable I'll create a patch.

Cheers,

Stef
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
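
The fallback described in the message above, sketched as an added C example; it is not code from OpenSC or gnome-keyring. All names are hypothetical: `PIN_CACHE_PARANOID` stands in for the role `GNOME_KEYRING_PARANOID` plays, and the lock function is injectable so the failure path can be exercised without depending on the process's RLIMIT_MEMLOCK.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/mman.h>

/* Same shape as mlock(), so a failing stand-in can be injected. */
typedef int (*lock_fn)(const void *addr, size_t len);

struct pin_buf {
    unsigned char *data;
    size_t len;
    int locked;                 /* 1 if the pages are pinned with mlock() */
};

/* Returns 0 on success, -1 if allocation fails or if locking fails while
 * the (hypothetical) PIN_CACHE_PARANOID variable is set. */
int pin_buf_alloc(struct pin_buf *b, size_t len, lock_fn lock)
{
    b->len = 0;
    b->locked = 0;
    b->data = calloc(1, len);
    if (b->data == NULL)
        return -1;
    b->len = len;
    b->locked = (lock(b->data, len) == 0);
    if (!b->locked) {
        if (getenv("PIN_CACHE_PARANOID") != NULL) {
            /* Paranoid mode: refuse to hold a PIN in pageable memory. */
            free(b->data);
            b->data = NULL;
            b->len = 0;
            return -1;
        }
        fprintf(stderr, "warning: cannot lock PIN memory, using pageable memory\n");
    }
    return 0;
}

/* Wipe, unlock and release the buffer whether or not it was locked. */
void pin_buf_free(struct pin_buf *b)
{
    if (b->data == NULL)
        return;
    volatile unsigned char *p = b->data;  /* volatile keeps the wipe from being optimised away */
    for (size_t i = 0; i < b->len; i++)
        p[i] = 0;
    if (b->locked)
        munlock(b->data, b->len);
    free(b->data);
    b->data = NULL;
    b->len = 0;
    b->locked = 0;
}

/* Constructed stand-in for an mlock() call that hits the locked-memory limit. */
int failing_lock(const void *addr, size_t len) { (void)addr; (void)len; return -1; }
```

Passing `mlock` itself as the third argument gives the production behaviour; the buffer is wiped on release in both the locked and the fallback case.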
