On 12/9/08, Andreas Jellinghaus <[EMAIL PROTECTED]> wrote:
> On Monday, 8 December 2008 19:42:46, Alon Bar-Lev wrote:
>
> > Anyway... OpenSSH developers do not accept this as they do not accept
> > LDAP, X.509, GSS and other features.
>
> I thought so. Thus maybe they would accept a PKCS#11 implementation,
> if that one did not use any external library and was quite simple
> (i.e. looks at RSA public/private keys only)?

Well... It is never as simple as it first appears.
You have to deal with many types of tokens, including ones that do not
store public key objects, or store the certificate in the private area.
There is also the issue of detecting removal and insertion, and asking
for authentication.
This is why I wrote the pkcs11-helper library...

> hmm. are there any alternatives to openssh worth looking into?

Nope. OpenSSH with the X.509, GSS, (LDAP) and PKCS#11 patches is still
the best solution out there.

Alon.
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel