[opensc-devel] Lock_login and multithreading issues

2011-05-06 Thread Jean-Michel Pouré - GOOZE
Dear all, In a discussion with Alon Bar-Lev on OpenVPN mailing list, Alon explains that lock_login=true is better for security as it restricts login to the token. Also, multi-threaded applications may have problems accessing the token. On my side, I noticed that some applications like Firefox don'

Re: [opensc-devel] lock_login = false

2008-05-10 Thread Alon Bar-Lev
I have lock disabled (default), and have no issues with engine. I am using opensc trunk. On 5/10/08, Eddy Nigg (StartCom Ltd.) <[EMAIL PROTECTED]> wrote: > > Was the ticket > http://www.opensc-project.org/opensc/ticket/115 > addressed? > > Alexander, I think you reported it, do you or anybody k

Re: [opensc-devel] lock_login = false

2008-05-10 Thread Eddy Nigg (StartCom Ltd.)
In relation to that, I'm not sure if it's related. However when using engine_pkcs11 with latest opensc 0.11.4 the function pkcs11_load_key of engine_pkcs11.c returns "Found slot without user PIN" at if (isPrivate && !tok->userPinSet && !tok->readOnly) { fprintf(stderr,"Found slot wi

[opensc-devel] lock_login = false

2008-05-10 Thread Eddy Nigg (StartCom Ltd.)
Was the ticket http://www.opensc-project.org/opensc/ticket/115 addressed? Alexander, I think you reported it, do you or anybody know something about it? -- Regards Signer: Eddy Nigg, StartCom Ltd. Jabber: [EMAIL PROTECTED] Blog: Join the Revolution!

Re: [opensc-devel] lock_login

2008-02-07 Thread Martin Paljak
Hi, Maybe the opening up of lock_login was premature as there seems to be quite some code that depends on the locked behavior, which is not acceptable if there are more actors than just one single application trying to play with the card. One thing to do would be to re-work the code and anal

Re: [opensc-devel] lock_login

2008-02-07 Thread Franz Brandl
n advance, Franz From: [EMAIL PROTECTED] To: [EMAIL PROTECTED]; opensc-devel@lists.opensc-project.org Date: Sun, 3 Feb 2008 20:39:26 +0000 Subject: Re: [opensc-devel] lock_login Hello, it shouldn't be an application problem, I guess it is rather a problem in the A-Trust ACOS specific c

Re: [opensc-devel] lock_login

2008-02-03 Thread Franz Brandl
x such an issue ?). Thanks a lot, Franz > Date: Fri, 1 Feb 2008 15:37:25 +0100 > From: [EMAIL PROTECTED] > To: opensc-devel@lists.opensc-project.org > Subject: Re: [opensc-devel] lock_login > > On Feb 1, 2008 1:48 PM, Franz Brandl <[EMAIL PROTECTED]> wrote: > >

Re: [opensc-devel] lock_login

2008-02-03 Thread Andreas Jellinghaus
On Friday, 1 February 2008 13:48:57, Franz Brandl wrote: > Hi all, > > when testing a new generation of A-Trust ACOS based cards, I came across > the fact that the cards do not work with OpenSC when the lock_login > parameter is set to False. The parameter's default value has been changed > some t

Re: [opensc-devel] lock_login

2008-02-01 Thread Ludovic Rousseau
On Feb 1, 2008 1:48 PM, Franz Brandl <[EMAIL PROTECTED]> wrote: > Hi all, Hello, > when testing a new generation of A-Trust ACOS based cards, I came across the > fact that the cards do not work with OpenSC when the lock_login parameter is > set to False. What is the problem exactly with lock_log

[opensc-devel] lock_login

2008-02-01 Thread Franz Brandl
Hi all, when testing a new generation of A-Trust ACOS based cards, I came across the fact that the cards do not work with OpenSC when the lock_login parameter is set to False. The parameter's default value has been changed some time ago, as I learned, so that the cards now do not work with a def

Re: [opensc-devel] lock_login (again)

2006-05-16 Thread Nils Larsch
Martin Paljak wrote: On 15.05.2006, at 17:58, Nils Larsch wrote: Comments are very welcome. IMO it is not not right to call the logout function in libopensc *unlock* function. the name sc_lock()/sc_unlock() is a misnomer, something like sc_begin_transaction()/sc_end_transaction() would be

Re: [opensc-devel] lock_login (again)

2006-05-16 Thread Nils Larsch
Andreas Jellinghaus wrote: ... but that does not sound like a small change, the attached patch works for me (of course it's just a quick hack). It's not that big but of course it makes the code a bit more complex. Cheers, Nils Index: src/pkcs11/pkcs11-global.c =

Re: [opensc-devel] lock_login (again)

2006-05-15 Thread Martin Paljak
On 15.05.2006, at 17:58, Nils Larsch wrote: Comments are very welcome. IMO it is not not right to call the logout function in libopensc *unlock* function. Such de-authentication might be more appropriate at pkcs#11/tokend level (where the lock_login problem comes from actually). Making it

Re: [opensc-devel] lock_login (again)

2006-05-15 Thread Andreas Jellinghaus
On Monday, 15 May 2006 17:58, Nils Larsch wrote: > As a solution I would suggest adding a flag to the opensc ctx which > determines whether or not to issue a logout call at the end of a > transaction (i.e. when sc_card_t::lock_count == 0) + an appropriate > change to the config. I don't know the

[opensc-devel] lock_login (again)

2006-05-15 Thread Nils Larsch
Hello, after we have set the default value of lock_login to false we now have a 'little' problem with the regression tests (and I guess with most other applications using the pkcs11 and where the card supports a logout) as now opensc does a logout after each transaction ... As a solution I would su

Re: [opensc-devel] lock_login default?

2006-05-05 Thread Nils Larsch
Andreas Jellinghaus wrote: afaik we agreed that we should set lock_login per default to false however it looks like nobody committed this change so far ... ah. I only saw the config file was changed, but didn't check if some in code default needs to be changed as well. please change / commit i

Re: [opensc-devel] lock_login default?

2006-05-03 Thread Andreas Jellinghaus
> afaik we agreed that we should set lock_login per default to false > however it looks like nobody committed this change so far ... ah. I only saw the config file was changed, but didn't check if some in code default needs to be changed as well. please change / commit into trunk so we get this r

Re: [opensc-devel] lock_login default?

2006-05-03 Thread Nils Larsch
Jean-Pierre Szikora wrote: Hi, Is the default lock_login really set to 'false' in OpenSC 0.11.0 as I can read in opensc.conf? During my testing before releasing a new experimental SCA release, I need to explicitly set 'lock_login = false;' to get the right behaviour. afaik we agreed that w

[opensc-devel] lock_login default?

2006-05-02 Thread Jean-Pierre Szikora
Hi, Is the default lock_login really set to 'false' in OpenSC 0.11.0 as I can read in opensc.conf? During my testing before releasing a new experimental SCA release, I need to explicitly set 'lock_login = false;' to get the right behaviour. Cheers, Jean-Pierre

Re: [opensc-devel] "lock_login = true" in opensc.conf

2006-03-23 Thread Nils Larsch
Martin Paljak wrote: On 22.03.2006, at 23:57, Nils Larsch wrote: Martin said that he would like to set "lock_login" to true as the default value in our opensc.conf. I'd like it to be default *false* in the code (pkcs11/misc.c line 338) sorry a typo. So again: are there any security (or other

Re: [opensc-devel] "lock_login = true" in opensc.conf

2006-03-22 Thread Martin Paljak
On 22.03.2006, at 23:57, Nils Larsch wrote: Martin said that he would like to set "lock_login" to true as the default value in our opensc.conf. I'd like it to be default *false* in the code (pkcs11/misc.c line 338) (And commented out in the config file) So that several applications could in de

[opensc-devel] "lock_login = true" in opensc.conf

2006-03-22 Thread Nils Larsch
Hi, Martin said that he would like to set "lock_login" to true as the default value in our opensc.conf. Are there any objections against this (incl. security concerns) ? Cheers, Nils