https://bugzilla.mindrot.org/show_bug.cgi?id=2652

--- Comment #11 from Daniel Kucera <open...@danman.eu> ---
(In reply to Jakub Jelen from comment #10)
> Thank you for testing the patch. But your changes again change the
> semantics and issue the pinpad login even if the PIN is NULL, which
> is not what you generally want.

But if CKF_LOGIN_REQUIRED is set why would one want to skip login?

> 
> Or is your card requiring the login also for the listing of public
> keys? What do you get if you try to list the public objects from
> pkcs11-tool?
> 
> pkcs11-tool -O /usr/lib/eidklient/libpkcs11_sig_x64.so

My card requires login for absolutely everything

$ pkcs11-tool -vvv --module /usr/lib/eidklient/libpkcs11_sig_x64.so -O
Using slot 0 with a present token (0x1)
$ pkcs11-tool -vvv --module /usr/lib/eidklient/libpkcs11_sig_x64.so -l
-O
Using slot 0 with a present token (0x1)
Private Key Object; RSA 
  label:      571cd7f3-0935-4218-b7cf-4b43af29d1bc
  ID:         ...
  Usage:      decrypt, sign
  Access:     always authenticate
Certificate Object; type = X.509 cert
  label:      571cd7f3-0935-4218-b7cf-4b43af29d1bc
  ID:         ...

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

Reply via email to