pkcs11: by default do not lock login
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4359 c6295689-39f2-0310-b995-f0e70906c6a9
This commit is contained in:
parent
98037b795d
commit
ffc9f8efc6
@ -341,30 +341,32 @@ app opensc-pkcs11 {
|
||||
# Default: true
|
||||
# hide_empty_tokens = false;
|
||||
|
||||
# By default, the OpenSC PKCS#11 module will lock your card
|
||||
# By default, the OpenSC PKCS#11 module will not lock your card
|
||||
# once you authenticate to the card via C_Login.
|
||||
# This is to prevent other users or other applications
|
||||
#
|
||||
# Thus the other users or other applications is not prevented
|
||||
# from connecting to the card and perform crypto operations
|
||||
# (which may be possible because you have already authenticated
|
||||
# with the card). Thus this setting is very secure.
|
||||
# with the card). This setting is not very secure.
|
||||
#
|
||||
# This behavior is a known violation of PKCS#11 specification,
|
||||
# and is forced due to limitation of the OpenSC framework.
|
||||
# Also, if your card is not locked, you can enconter problems
|
||||
# due to limitation of the OpenSC framework, that still is not
|
||||
# thoroughly tested in the multi threads environment.
|
||||
#
|
||||
# However now once one application has started using your
|
||||
# Your settings will be more secure if you choose to lock your
|
||||
# card. Nevertheless this behavior is a known violation of PKCS#11
|
||||
# specification. Now once one application has started using your
|
||||
# card with C_Login, no other application can use it, until
|
||||
# the first is done and calls C_Logout or C_Finalize.
|
||||
# In the case of many PKCS#11 application this does not happen
|
||||
# until you exit the application.
|
||||
#
|
||||
# Thus it is impossible to use several smart card aware
|
||||
# applications at the same time, e.g. you cannot run both
|
||||
# Firefox and Thunderbird at the same time, if both are
|
||||
# configured to use your smart card.
|
||||
#
|
||||
# Default: true
|
||||
# lock_login = false;
|
||||
# the first is done and calls C_Logout or C_Finalize. In the case
|
||||
# of many PKCS#11 application this does not happen until you exit
|
||||
# the application.
|
||||
# Thus it is impossible to use several smart card aware applications
|
||||
# at the same time, e.g. you cannot run both Firefox and Thunderbird at
|
||||
# the same time, if both are configured to use your smart card.
|
||||
#
|
||||
# Default: false
|
||||
# lock_login = true;
|
||||
|
||||
# Set this value to true if you want to allow off-card
|
||||
# keypair generation (in software on your pc)
|
||||
#
|
||||
|
@ -289,7 +289,7 @@ void load_pkcs11_parameters(struct sc_pkcs11_config *conf, sc_context_t * ctx)
|
||||
conf->max_virtual_slots = 16;
|
||||
conf->slots_per_card = 4;
|
||||
conf->hide_empty_tokens = 1;
|
||||
conf->lock_login = 1;
|
||||
conf->lock_login = 0;
|
||||
conf->soft_keygen_allowed = 0;
|
||||
conf->pin_unblock_style = SC_PKCS11_PIN_UNBLOCK_NOT_ALLOWED;
|
||||
conf->create_puk_slot = 0;
|
||||
|
Loading…
Reference in New Issue
Block a user