Helo, On Aug 25, 2010, at 2:55 PM, Ludovic Rousseau wrote: > 2010/8/25 Martin Paljak <mar...@paljak.pri.ee>: >> If everything is working fine, there's nothing to worry about. If not, then >> it can be fixed by implementing a proper GET CHALLENGE method in >> card-setcos.c. If you can sniff the correct APDU for this (or if you have >> the manual) would be great. Or something in pkcs11_inspect should be fixed >> to not depend on the smart card module C_GenerateRandom(). > > I could not find any use of C_GenerateRandom() by pam_pkcs11. So I am > not sure the culprit is pkcs11_inspect or another part of pam_pkcs11.
pam_sm_authenticate in src/pam_pkcs11/pam_pkcs11.c [1] calls get_random_value [2] which has two implementations in src/common/pkcs11_lib.c: - one that uses C_GenerateRandom [3] - one that uses /dev/random [4] I think this is the "main" authentication callback of pam_pkcs11? The two different implementations seem to come from NSS vs no NSS. [1] http://www.opensc-project.org/pam_pkcs11/browser/trunk/src/pam_pkcs11/pam_pkcs11.c#L173 [2] http://www.opensc-project.org/pam_pkcs11/browser/trunk/src/pam_pkcs11/pam_pkcs11.c#L597 [3] http://www.opensc-project.org/pam_pkcs11/browser/trunk/src/common/pkcs11_lib.c#L834 [4] http://www.opensc-project.org/pam_pkcs11/browser/trunk/src/common/pkcs11_lib.c#L1754 -- Martin Paljak @martinpaljak.net +3725156495 _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
