Displaying 3 results from an estimated 3 matches for "ckf_user_pin".
2016 Jun 17
3
ssh-pkcs11.c
...y be
useful for the user, when asked for the PIN, to decide not enter it.
Currently it can only be done by killing ssh. If empty PIN is valid,
but eventually not usual, maybe we should ask if the user really wants
to try a empty pin or just continue to another authentication option?
Regarding the CKF_USER_PIN flags, do you think it is a good idea to
implement the warning messages?
Thanks,
Nuno
2016 Jul 25
3
ssh-pkcs11.c
...n?
>
> Not sure what best solution, but ignoring empty PIN is the same as
> ignoring "cancel" or similar constants, which is more explicit.
> What's wrong with plain <Ctrl>-C, as without PIN there is no use to
> continue session anyway.
>
>> Regarding the CKF_USER_PIN flags, do you think it is a good idea to
>> implement the warning messages?
>
> Most implementations do not support these.
>
> Regards,
> Alon
2016 Jun 17
2
ssh-pkcs11.c
...tually a zero-length PIN will not cause a NULL to be returned, so it
will still try to authenticate and fail the PIN login!
Also, I think it would be great to support the CKF_* flags to provide
some feedback to the user regarding PIN tries left remaining,
something like this:
if (info.flags & CKF_USER_PIN_COUNT_LOW)
printf("WARNING: User PIN count low\n");
else if (info.flags & CKF_USER_PIN_FINAL_TRY)
printf("WARNING: User PIN final try\n");
else if (info.flags & CKF_USER_PIN_LOCKED) /* Maybe we should bail out
here, or just try to continue? */
printf("WARNI...