commented out everything.
now you can install those files to your etc, it will not hurt you. git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@1722 c6295689-39f2-0310-b995-f0e70906c6a9
This commit is contained in:
parent
115bd355ed
commit
f2803e1a74
@ -6,13 +6,13 @@
|
||||
# Default values for any application
|
||||
# These can be overrided by an application
|
||||
# specific configuration block.
|
||||
app default {
|
||||
#app default {
|
||||
# Amount of debug info to print
|
||||
#
|
||||
# A greater value means more debug info.
|
||||
# Default: 0
|
||||
#
|
||||
debug = 0;
|
||||
#debug = 0;
|
||||
|
||||
# The file to which debug output will be written
|
||||
#
|
||||
@ -38,41 +38,28 @@ app default {
|
||||
#
|
||||
# reader_drivers = pcsc, ctapi;
|
||||
|
||||
reader_driver ctapi {
|
||||
module /usr/local/towitoko/lib/libtowitoko.so {
|
||||
#reader_driver ctapi {
|
||||
#module /usr/local/towitoko/lib/libtowitoko.so {
|
||||
# CT-API ports:
|
||||
# 0..3 COM1..4
|
||||
# 4 Printer
|
||||
# 5 Modem
|
||||
# 6..7 LPT1..2
|
||||
ports = 0;
|
||||
}
|
||||
#ports = 0;
|
||||
#}
|
||||
# module /usr/local/lib/ctapi/ctapi2.so {
|
||||
# ports = 1, 6;
|
||||
# }
|
||||
}
|
||||
#}
|
||||
|
||||
reader_driver pcsc {
|
||||
# Whether to transform some APDU's from one case to another
|
||||
# Possible values:
|
||||
# none: Don't transform any APDU's
|
||||
# case4as3: For T=0, send a case 4 APDU as case 3,
|
||||
# (no Lc byte) the card will send back
|
||||
# a 61xx SW, and we will follow up with a
|
||||
# GetResponse command
|
||||
# The SCM SCR111, Sun SCF, and e-gate readers
|
||||
# seem to require this.
|
||||
# case1as2: For T=0, send a case 1 APDU as case 2.
|
||||
# (append an Le byte of 0)
|
||||
# The Sun SCF and e-gate readers seem to
|
||||
# require this
|
||||
# case1as2_always: for any T=0/1, send a case 1 APDU as
|
||||
# case 2.
|
||||
# The Sun SCF reader may require this
|
||||
# Default: none
|
||||
#reader_driver pcsc {
|
||||
# Whether to convert Case 4 APDUs to Case 3
|
||||
#
|
||||
apdu_masquerade = none;
|
||||
}
|
||||
# At least SCM SCR111 reader seems to require this.
|
||||
# Default: false
|
||||
#
|
||||
#apdu_fix = false;
|
||||
#}
|
||||
|
||||
# What card drivers to load at start-up
|
||||
#
|
||||
@ -116,9 +103,9 @@ app default {
|
||||
# }
|
||||
|
||||
# GPK card driver
|
||||
card_driver gpk {
|
||||
#card_driver gpk {
|
||||
# atr = 00:11:22;
|
||||
}
|
||||
#}
|
||||
|
||||
# Force using specific card driver
|
||||
#
|
||||
@ -132,7 +119,7 @@ app default {
|
||||
# Below are the framework specific configuration blocks.
|
||||
|
||||
# PKCS #15
|
||||
framework pkcs15 {
|
||||
#framework pkcs15 {
|
||||
# Whether to use the cache files in the user's
|
||||
# home directory.
|
||||
#
|
||||
@ -144,24 +131,24 @@ app default {
|
||||
# applications.
|
||||
# Default: false
|
||||
#
|
||||
use_caching = true;
|
||||
#use_caching = true;
|
||||
# Use the following dynamic libraries for a read-only
|
||||
# PKCS#15 emulation of non pkcs15 cards.
|
||||
#
|
||||
# pkcs15_syn = p15_starcert.so;
|
||||
}
|
||||
}
|
||||
#}
|
||||
#}
|
||||
|
||||
# For applications that use SCAM (pam_opensc, sia_opensc)
|
||||
app scam {
|
||||
framework pkcs15 {
|
||||
use_caching = false;
|
||||
}
|
||||
}
|
||||
#app scam {
|
||||
#framework pkcs15 {
|
||||
#use_caching = false;
|
||||
#}
|
||||
#}
|
||||
|
||||
# Parameters for the OpenSC PKCS11 module
|
||||
app opensc-pkcs11 {
|
||||
pkcs11 {
|
||||
#app opensc-pkcs11 {
|
||||
#pkcs11 {
|
||||
# Maxmimum number of slots per smart card.
|
||||
# If the card has fewer keys than defined here,
|
||||
# the remaining number of slots will be empty.
|
||||
@ -169,7 +156,7 @@ app opensc-pkcs11 {
|
||||
# Note that there is currently a compile time
|
||||
# maximum on the overall number of slots
|
||||
# the pkcs11 module is able to handle.
|
||||
num_slots = 4;
|
||||
#num_slots = 4;
|
||||
|
||||
# Normally, the pkcs11 module will create
|
||||
# the full number of slots defined above by
|
||||
@ -180,7 +167,7 @@ app opensc-pkcs11 {
|
||||
#
|
||||
# Set this option to true to hide these empty
|
||||
# slots.
|
||||
hide_empty_tokens = false;
|
||||
#hide_empty_slots = false;
|
||||
|
||||
# By default, the OpenSC PKCS#11 module will
|
||||
# try to lock this card once you have authenticated
|
||||
@ -194,7 +181,7 @@ app opensc-pkcs11 {
|
||||
# has done a C_Logout or C_Finalize. In the case of
|
||||
# Netscape or Mozilla, this does not happen until
|
||||
# you exit the browser.
|
||||
lock_login = true;
|
||||
#lock_login = true;
|
||||
|
||||
# Normally, the pkcs11 module will not cache PINs
|
||||
# presented via C_Login. However, some cards
|
||||
@ -206,21 +193,21 @@ app opensc-pkcs11 {
|
||||
# cache_pins = true
|
||||
#
|
||||
# Default: false
|
||||
cache_pins = false;
|
||||
#cache_pins = false;
|
||||
|
||||
# Set this value to false if you want to enfore on-card
|
||||
# keypair generation
|
||||
#
|
||||
# Default: true
|
||||
soft_keygen_allowed = true;
|
||||
}
|
||||
}
|
||||
#soft_keygen_allowed = true;
|
||||
#}
|
||||
#}
|
||||
|
||||
# Parameters for the OpenSC PKCS11-Spy module, that logs all the
|
||||
# communication between a pkcs11 module and it's calling application:
|
||||
# app <--> pkcs11-spy <--> pkcs11 module
|
||||
app pkcs11-spy {
|
||||
spy {
|
||||
#app pkcs11-spy {
|
||||
#spy {
|
||||
# Where to log to.
|
||||
#
|
||||
# By default, the value of the PKCS11SPY_OUTPUT environment
|
||||
@ -236,5 +223,5 @@ app pkcs11-spy {
|
||||
# opensc-pkcs11.so is used.
|
||||
#
|
||||
#module = opensc-pkcs11.so;
|
||||
}
|
||||
}
|
||||
#}
|
||||
#}
|
||||
|
@ -1,94 +1,94 @@
|
||||
# Configuration file for OpenSC / scldap
|
||||
# Example configuration file
|
||||
|
||||
ldap example {
|
||||
#ldap example {
|
||||
# Hostname for LDAP server (required)
|
||||
ldaphost = "ldap.foobar.tld";
|
||||
#ldaphost = "ldap.foobar.tld";
|
||||
# Port for LDAP server
|
||||
ldapport = 389;
|
||||
#ldapport = 389;
|
||||
# Scope for ldap search
|
||||
# 0 = LDAP_SCOPE_BASE
|
||||
# 1 = LDAP_SCOPE_ONELEVEL
|
||||
# 2 = LDAP_SCOPE_SUBTREE
|
||||
scope = 2;
|
||||
#scope = 2;
|
||||
# Use the Distinguished Name to
|
||||
# bind to the LDAP directory
|
||||
binddn = "cn=public,dc=cc,dc=foobar,dc=tld";
|
||||
#binddn = "cn=public,dc=cc,dc=foobar,dc=tld";
|
||||
# Use passwd as the password for simple authentication
|
||||
passwd = "bazfoo";
|
||||
#passwd = "bazfoo";
|
||||
# Use base as the starting point for the
|
||||
# search instead of the default
|
||||
base = "dc=foobar,dc=tld";
|
||||
#base = "dc=foobar,dc=tld";
|
||||
# Search attribute(s)
|
||||
attributes = "cert", "user";
|
||||
#attributes = "cert", "user";
|
||||
# Search filter. (required)
|
||||
# formatted searches like (user=%s) are accepted
|
||||
filter = "(identifier=foobarAuthority)";
|
||||
}
|
||||
#filter = "(identifier=foobarAuthority)";
|
||||
#}
|
||||
|
||||
# Test cards
|
||||
card "FINEID S4-1-1", "VRK-FINSIGN" {
|
||||
ldap "auth certificate" {
|
||||
ldaphost = ldap.example.com;
|
||||
ldapport = 389;
|
||||
scope = 2;
|
||||
base = "dc=example,dc=com";
|
||||
attributes = userCertificate;
|
||||
filter = "(uniqueIdentifier=%s)";
|
||||
}
|
||||
ldap crl {
|
||||
#card "FINEID S4-1-1", "VRK-FINSIGN" {
|
||||
#ldap "auth certificate" {
|
||||
#ldaphost = ldap.example.com;
|
||||
#ldapport = 389;
|
||||
#scope = 2;
|
||||
#base = "dc=example,dc=com";
|
||||
#attributes = userCertificate;
|
||||
#filter = "(uniqueIdentifier=%s)";
|
||||
#}
|
||||
#ldap crl {
|
||||
# unnecessary, data for crl is usually generated from
|
||||
# auth cert's crlDistributionPoints
|
||||
ldaphost = ldap.example.com;
|
||||
ldapport = 389;
|
||||
scope = 2;
|
||||
base = "dc=example,dc=com";
|
||||
}
|
||||
ldap "ca certificate" {
|
||||
ldaphost = ldap.example.com;
|
||||
ldapport = 389;
|
||||
scope = 2;
|
||||
base = "dc=example,dc=com";
|
||||
attributes = cACertificate;
|
||||
filter = "(objectClass=fineidCertificationAuthority)";
|
||||
}
|
||||
ldap "approx base" {
|
||||
ldaphost = ldap.example.com;
|
||||
ldapport = 389;
|
||||
scope = 2;
|
||||
base = "dc=example,dc=com";
|
||||
}
|
||||
}
|
||||
#ldaphost = ldap.example.com;
|
||||
#ldapport = 389;
|
||||
#scope = 2;
|
||||
#base = "dc=example,dc=com";
|
||||
#}
|
||||
#ldap "ca certificate" {
|
||||
#ldaphost = ldap.example.com;
|
||||
#ldapport = 389;
|
||||
#scope = 2;
|
||||
#base = "dc=example,dc=com";
|
||||
#attributes = cACertificate;
|
||||
#filter = "(objectClass=fineidCertificationAuthority)";
|
||||
#}
|
||||
#ldap "approx base" {
|
||||
#ldaphost = ldap.example.com;
|
||||
#ldapport = 389;
|
||||
#scope = 2;
|
||||
#base = "dc=example,dc=com";
|
||||
#}
|
||||
#}
|
||||
|
||||
card "FINEID S4-1", "VRK-FINSIGN" {
|
||||
ldap "auth certificate" {
|
||||
ldaphost = ldap.example.com;
|
||||
ldapport = 389;
|
||||
scope = 2;
|
||||
base = "dc=example,dc=com";
|
||||
attributes = userCertificate;
|
||||
filter = "(uniqueIdentifier=%s)";
|
||||
}
|
||||
ldap crl {
|
||||
#card "FINEID S4-1", "VRK-FINSIGN" {
|
||||
#ldap "auth certificate" {
|
||||
#ldaphost = ldap.example.com;
|
||||
#ldapport = 389;
|
||||
#scope = 2;
|
||||
#base = "dc=example,dc=com";
|
||||
#attributes = userCertificate;
|
||||
#filter = "(uniqueIdentifier=%s)";
|
||||
#}
|
||||
#ldap crl {
|
||||
# unnecessary, data for crl is usually generated from
|
||||
# auth cert's crlDistributionPoints
|
||||
ldaphost = ldap.example.com;
|
||||
ldapport = 389;
|
||||
scope = 2;
|
||||
base = "dc=example,dc=com";
|
||||
}
|
||||
ldap "ca certificate" {
|
||||
ldaphost = ldap.example.com;
|
||||
ldapport = 389;
|
||||
scope = 2;
|
||||
base = "dc=example,dc=com";
|
||||
attributes = cACertificate;
|
||||
filter = "(objectClass=fineidCertificationAuthority)";
|
||||
}
|
||||
ldap "approx base" {
|
||||
ldaphost = ldap.example.com;
|
||||
ldapport = 389;
|
||||
scope = 2;
|
||||
base = "dc=example,dc=com";
|
||||
}
|
||||
}
|
||||
#ldaphost = ldap.example.com;
|
||||
#ldapport = 389;
|
||||
#scope = 2;
|
||||
#base = "dc=example,dc=com";
|
||||
#}
|
||||
#ldap "ca certificate" {
|
||||
#ldaphost = ldap.example.com;
|
||||
#ldapport = 389;
|
||||
#scope = 2;
|
||||
#base = "dc=example,dc=com";
|
||||
#attributes = cACertificate;
|
||||
#filter = "(objectClass=fineidCertificationAuthority)";
|
||||
#}
|
||||
#ldap "approx base" {
|
||||
#ldaphost = ldap.example.com;
|
||||
#ldapport = 389;
|
||||
#scope = 2;
|
||||
#base = "dc=example,dc=com";
|
||||
#}
|
||||
##}
|
||||
|
Loading…
Reference in New Issue
Block a user