Hello, On Sep 2, 2010, at 11:32 AM, Patrik Martinsson wrote: > Hello again, > >>> That can be improved in gdm/screensaver. OpenSC returns CKF_USER_PIN_LOCKED >>> after a PIN entrr try if the method got blocked. Even NSS/Firefox used to >>> ignore this return code for a long time and as a result asked for a PIN 3 >>> times (hardcoded apparently) even if the PIN was already locked. That got >>> fixed lately, don't know when it will arrive in Firefox though. Also see >>> ticket #250, for further flags to check for usability (e.g. "This will be >>> your final PIN try, failing this will block your PIN" message). > > Ok, sounds good. I don't know if i got this right, but is this the "workflow" > of how a authentication basically works with pkcs11 with nss enabled. > > login(gdm/scrennsaver/whatever) => pam_pkcs11 => nss => opensc => > pcscdriver => pcscd Yes, it should look like this.
Bugzilla bugs: https://bugzilla.mozilla.org/show_bug.cgi?id=506939 https://bugzilla.mozilla.org/show_bug.cgi?id=506965 Unfortunately, bugzilla has removed the "my votes" feature which I used to keep track of interesting issues and the user interface is soo sloow and complicated that I'm not able to find the more detailed reports. Feel free to surf bugzilla yourself for the exact status of the issues. > >>> No, it is a bug in OpenSC pcsc driver. Just wanted to draw the attention to >>> the fact that it has nothing to do with Open*CT*. > Ok cool. Is there anything i can debug to help us out here ? I would really > like to get this working and I'm willing to spend alot of time on it to get > there, just need some info on how to go further. Not much, except for trying the patch when it's ready. I'm fixing it after the initial changes to #216, with the exception of adding "disappearing slots" to hotplugging PKCS#11 module, if it works with NSS. It might get ready soon (this week) -- Martin Paljak @martinpaljak.net +3725156495 _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel