Dear all,
In a discussion with Alon Bar-Lev on the OpenVPN mailing list, Alon explains
that lock_login=true is better for security as it restricts login to the
token. Also, multi-threaded applications may have problems accessing the
token. On my side, I noticed that some applications like Firefox don'
On May 5, 2011, at 23:02 , Jean-Michel Pouré - GOOZE wrote:
> Dear all,
>
> Some simple questions:
>
> When used with lock_login = false;
> authenticated tokens are available for all users.
>
> For knowledge, what would be the technical solution to secure access in
> shared mode?
Have a look
On 2011-05-06 13:41, Martin Paljak wrote:
>
> On May 5, 2011, at 23:02 , Jean-Michel Pouré - GOOZE wrote:
>
>> Dear all,
>>
>> Some simple questions:
>>
>> When used with lock_login = false;
>> authenticated tokens are available for all users.
>>
>> For knowledge, what would be the technical solu
On Friday, 06 May 2011 at 14:41 +0300, Martin Paljak wrote:
> Have a look at the wiki:
> http://www.opensc-project.org/opensc/wiki/SecurityConsiderations
Sure.
I am worried about:
* Application A opens communication with token and locks it.
* Application B tries to open communication with to
On Friday, May 06 at 03:03PM, Jean-Michel Pouré - GOOZE wrote:
> On Friday, 06 May 2011 at 14:41 +0300, Martin Paljak wrote:
> > Have a look at the wiki:
> > http://www.opensc-project.org/opensc/wiki/SecurityConsiderations
>
> Sure.
>
> I am worried about:
> * Application A opens communicati
Hello,
On May 6, 2011, at 16:41 , Frank Morgner wrote:
>>
>> Is there a way to inform opensc-pkcs11.so that a communication is
>> already established by Firefox and that SSH should start without using
>> pkcs11?
>
> AFAIK, SCardConnect immediately returns an error if an application wants
> to acc
On Friday, 06 May 2011 at 15:41 +0200, Frank Morgner wrote:
> AFAIK, SCardConnect immediately returns an error if an application
> wants
> to access a reader which is already in exclusive use. Have you tried
> switching on exclusive mode in the configuration file of OpenSC? (Note
> that this do
Hello,
On May 6, 2011, at 17:16 , Jean-Michel Pouré - GOOZE wrote:
>
> I wonder if there is not a problem in shared mode or if we should not
> ask users to use exclusive mode only.
For the sake of usability, exclusive mode should only be used *if needed*.
From a security perspective, it does no
On Friday, 06 May 2011 at 17:24 +0300, Martin Paljak wrote:
> But daily smart card usage usually means using different applications.
OK. But shared mode does not work very well, especially with OpenSSH and
Iceweasel (Firefox) together. I did some heavy testing and found
usability problems in sh
From a user's perspective, having to shut down an application
so another could start is not very friendly. Do we need a
tool to force a logoff/unlock/reset/... so a user could start
an operation with another application, without having to shutdown
the first?
With the mini-driver, Windows login w
On Fri, May 6, 2011 at 5:24 PM, Martin Paljak wrote:
> Hello,
>
>
> On May 6, 2011, at 17:16 , Jean-Michel Pouré - GOOZE wrote:
>>
>> I wonder if there is not a problem in shared mode or if we should not
>> ask users to use exclusive mode only.
>
> For the sake of usability, exclusive mode should
On Fri, 06-05-2011 at 16:43 +0200, Jean-Michel Pouré - GOOZE
wrote:
> On Friday, 06 May 2011 at 17:24 +0300, Martin Paljak wrote:
> > But daily smart card usage usually means using different applications.
>
> OK. But shared mode does not work very well, especially with OpenSSH and
> Icewe
On 06/05/2011 21:23, Juan Antonio Martinez wrote:
> Sure: there are some cases where this approach fails:
> SSL renegotiation when signing applet is running; two pkcs11
> trying concurrent access to the card... but this is not
> as usual as thought.
IMHO you could avoid troubles using a simple st
Hi!
> Many thanks Frank and Martin, using exclusive mode solved my problem:
...
> I wonder if there is not a problem in shared mode or if we should not
> ask users to use exclusive mode only.
No problem, I had a similar problem where two applications accessed a
smart card. One "initialized" the