pkinit prompting behavior issue
Jeffrey Hutzelman
jhutz at cmu.edu
Tue Feb 23 11:38:05 EST 2010

--On Tuesday, February 23, 2010 10:21:50 AM -0600 Nicolas Williams <Nicolas.Williams at sun.com> wrote:

> As for PKCS#11 softtokens on USB drives... I believe that a softtoken
> implementation should present N virtual slots, all empty, and when
> removable media becomes available (mounted) it should search the
> top-level for softtoken files, then pick the first available virtual
> slot and pretend that there is now a token in that slot (and
> C_Wait4Slot() should allow you to wait on a virtual slot). Of course,
> having virtual softtoken slots means that one could not skip an "insert
> token" prompt on the basis of there being no slots.

We're not talking only about USB softtokens.  We're also talking about real
tokens, which present as a USB-connected smartcard "reader" containing a
"card" which is an integral part of the device. Until you insert the USB
token, the reader is not present in the system. Of course, there are
non-smartcard devices that behave the same way.