[Bug 2638] New: Honor PKCS#11 CKA_ALWAYS_AUTHENTICATE attribute of the private objects

bugzilla-daemon Fri, 11 Nov 2016 03:10:28 -0800

https://bugzilla.mindrot.org/show_bug.cgi?id=2638


            Bug ID: 2638
           Summary: Honor PKCS#11 CKA_ALWAYS_AUTHENTICATE attribute of the
                     private objects
           Product: Portable OpenSSH
           Version: 7.3p1
          Hardware: Other
                OS: Linux
            Status: NEW
          Keywords: patch
          Severity: enhancement
          Priority: P5
         Component: Smartcard
          Assignee: [email protected]
          Reporter: [email protected]

Created attachment 2890
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2890&action=edit
[PATCH] Honor PKCS#11 CKA_ALWAYS_AUTHENTICATE attribute of the private
objects

We don't need to care about always_authenticate attribute in case of
simple  ssh  connections, because the private key operation is
performed only once (immediately after login). But this is a problem in
 ssh-agent  which can authenticate more connections.

This patch introduces the additional login (the pin is requested using
SSH_ASKPASS if defined) if this attribute is not CK_FALSE.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
_______________________________________________
openssh-bugs mailing list
[email protected]
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

[Bug 2638] New: Honor PKCS#11 CKA_ALWAYS_AUTHENTICATE attribute of the private objects

Reply via email to