Hello,

When Ludovic told me that the PKCS#11 is transmitting the PIN over and over, I
thought he was crazy, but I was wrong!

Can anyone tell me why this option is on by default?
And how does it make sense if you removed and inserted your card? After such
an event the user should be prompted for the passphrase.

So unless there is a good reason, I will turn off this default.

Alon.

---

Index: src/pkcs11/misc.c
===================================================================
--- src/pkcs11/misc.c   (revision 3504)
+++ src/pkcs11/misc.c   (working copy)
@@ -340,6 +340,6 @@
        conf->num_slots = scconf_get_int(conf_block, "num_slots", 
conf->num_slots);
        conf->hide_empty_tokens = scconf_get_bool(conf_block, 
"hide_empty_tokens", 0);
        conf->lock_login = scconf_get_bool(conf_block, "lock_login", 0);
-       conf->cache_pins = scconf_get_bool(conf_block, "cache_pins", 1);
+       conf->cache_pins = scconf_get_bool(conf_block, "cache_pins", 0);
        conf->soft_keygen_allowed = scconf_get_bool(conf_block, 
"soft_keygen_allowed", 1);
 }
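
Review bot: changing the fallback argument of scconf_get_bool(conf_block, "cache_pins", ...) from 1 to 0 silently alters behaviour for every installation whose opensc.conf has no explicit cache_pins line, and nothing in this hunk announces that. The opensc.conf.in comment touched by the same patch says some cards (two keys stored in two different directories) may not work properly without PIN caching, so those users will see a regression after upgrading. Please record the default change in the changelog or release notes and state there that cache_pins = true restores the old behaviour.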
Index: etc/opensc.conf.in
===================================================================
--- etc/opensc.conf.in  (revision 3504)
+++ etc/opensc.conf.in  (working copy)
@@ -339,11 +339,10 @@
                # may not work properly with OpenSC; for instance
                # when you have two keys on your card that get
                # stored in two different directories.
+               # In this case, you can turn on PIN caching by enabling
+               # cache.
                #
-               # In this case, you can turn on PIN caching by setting
-               # cache_pins = true
-               #
-               # Default: true
+               # Default: false
                # cache_pins = false;
 
                # Set this value to false if you want to enforce on-card
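
Review bot: the replacement comment "you can turn on PIN caching by enabling cache." no longer names the setting, whereas the removed lines spelled it out as "cache_pins = true"; keep the exact option name and value so a reader knows what to write. The sample line "# cache_pins = false;" is also left unchanged, so with "Default: false" uncommenting it now has no effect; consider showing "# cache_pins = true;" as the example instead.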
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
