On Wed, 2010-04-21 at 07:48 -0400, Jim Rees wrote:
>
> I don't think that's what you mean. "PIN is blocked" is a precise
> term used
> by smart card people, it means the card is no longer usable because it
> has
> detected an attempted intrusion and shut itself down. I think what
> you mean
> is that app no. 2 is unable to access the card because app no. 1 is
> using
> it, and when app no. 1 is done, app no. 2 can proceed. Correct?
I had to unlock the card using PUK code. But you are right, some of my
applications cannot access the card.
> Someone mentioned this is a restriction in pkcs11, but it's really
> more of a
> card policy issue in my opinion. The idea is that if app no. 1 has
> submitted a PIN but app no. 2 has not, then app no. 2 should not have
> access
> to crypto ops requiring a PIN. And since pkcs11 has no way to know
> which
> ops might require a PIN, it blocks everything from app no. 2. This
> may not
> be the security model you prefer but it's what we're stuck with.
I though lock_login = false;
was enough to prevent this.
Kind regards,
--
Jean-Michel Pouré - Gooze - http://www.gooze.eu
_______________________________________________
opensc-devel mailing list
[email protected]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
