On Thu, 2008-09-11 at 16:04 -0500, Nicolas Williams wrote: > On Thu, Sep 11, 2008 at 03:35:47PM -0500, Nicolas Williams wrote: > > On Thu, Sep 11, 2008 at 03:11:15PM -0500, Will Fiveash wrote: > > > If we must support "-X PKCS11:module_name=/tmp/libpkcs11.so.1" then this > > If we can make OpenSC accessible through libpkcs11 (and I don't see why > not, though the fact that it uses its own pk11 header file not derived > directly from the standard means we should check that the ABIs match) > then we should do that and drop this option.
I just realized that some of this was talked about on a thread on kmf-discuss in June. Darren specifically mentioned: "The OpenSC PKCS#11 library is known to work when plugged into libpkcs11 and the hope is that we will actually included it that way in some future release of Solaris, when we do that it would be in the default list of plugins." You can see the message here: http://mail.opensolaris.org/pipermail/kmf-discuss/2008-June/000471.html It seems to me that we should probably disable the PKCS11:module_name parameter and get the opensc pkcs11 libraries integrated. I'm still not totally sure how pkcs11-spy fits into the picture - can we integrate that too or use pkcs11-tracer instead? The problem with doing it this way is that I don't know of any plans to integrate the opensc libs so it would mean that pkinit would be available without opensc support for the immediate future. -M
