similar to: [PATCH] ssh-pkcs11: allow providing unconditional pin code for PKCS11

Displaying 20 results from an estimated 300 matches similar to: "[PATCH] ssh-pkcs11: allow providing unconditional pin code for PKCS11"

2016 Nov 16
2
[PATCH] ssh-pkcs11: allow providing unconditional pin code for PKCS11
I find this approach very bad in general.? PKCS#11 standard says that *private* keys should not be accessible without authentication. *Public* keys and certificates of course can and should be accessible with no authentication. SoftHSM misinterpreted this originally (older pkcs11 documents were less clear :), but they rectified this mistake. We should not repeat it.?
2024 Sep 23
1
[PATCH] sshd: Add pkcs11 support for HostKey.
Hello, OpenSSH supports PKCS#11 on the client side, but that does not extend to the server side. I would like to bring PKCS#11 support to sshd. I am working on embedded Linux systems with integrated HSM. The sshd host key is stored on the HSM. To have sshd using that key, we rely on the following chain: sshd -> OpenSSL -> OpenSSL Engine -> HSM Having PKCS#11 support in sshd, would
2016 Nov 16
2
[PATCH] ssh-pkcs11: allow providing unconditional pin code for PKCS11
On 11/16/16, 8:55 AM, "openssh-unix-dev on behalf of Juha-Matti Tapio" <openssh-unix-dev-bounces+uri=ll.mit.edu at mindrot.org on behalf of jmtapio at ssh.com> wrote: On Wed, Nov 16, 2016 at 12:54:44PM +0000, Blumenthal, Uri - 0553 - MITLL wrote: > I find this approach very bad in general. > > PKCS#11 standard says that *private* keys should not be
2005 Dec 13
3
Ices0 and ShoutCast (and KiSS)
I have successfully set up a system with Ices0.4 and IceCast2.20 (and Tunez). It plays well using mpg123 or WinAmp. But I would like to use also my KiSS DVD player for the stream, and I have not been able to do so - It appearently needs 110% SHOUTcast compatibility. So I tried the IceCast2.3.1 - but it still didn't like the KiSS (or the other way around). In stead, I have added a SHOUTcast
2017 Jan 11
2
HSM
I think there may be some confusion here. By HSM I was referring to Hierarchical Storage Management, whereby there are multiple levels of storage (fast+expensive <-> slow+cheap) and files migrate up or down. Originally it was used to keep data on tape with the metadata residing on disk though it has been expanded to allow a SAS/SATA hierarchy. Quite where PKI comes in I'm not sure,
2017 Jan 11
2
HSM
Hmm, don't you just love changing terminology! I've been using HSM systems at work since '99. BTW, DMAPI is the Data Management API which was a common(ish) extension used by amongst others SGI and IBM. Back to lvmcache. It looks interesting. I'd earlier dismissed LVM since it is block orientated, not file orientated. Probably because my mental image is of files migrating to
2017 Jan 11
3
HSM
Purely from interest, is there any current FOSS implementation of HSM? I note that XFS has dropped support for DMAPI, have other filesystems? Regards, Martin -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 836 bytes Desc: OpenPGP digital signature URL:
2007 Jan 03
1
To Andrew Tridgell -- new Samba forum
Andrew, I have a software which need the following package but I can't find it in Internet. Could you advice me where I can download it? samba-3.0.10-1.4E6.HSM.2.i386 samba-common-3.0.10-1.3E.6.HSM.2 samba-client-3.0.10-1.4E.6.HSM.2 Thanks, Isaac Chan
2006 May 24
1
ZFS and HSM
I said I had several questions to start threads on.... What about ZFS and various HSM solutions? Do any of them already work with ZFS? Are any going to? It seems like HSM solutions that access things at a file level would have little trouble integrating with ZFS. But ones that work at a block level would have a harder time. On that same thread, what about support for DMAPI within ZFS?
2016 Dec 13
4
pkcs #11/hardware support for server keys/sshd?
Hello, Is there any support (existing or planned) for host keys/certs being managed by some hardware device (tpm,hsm,etc..) instead of a flat file? thanks, -Kenny
2008 Jun 05
1
samba GPFS and HSM?
Hi - I was wondering if any of you may be able to point me in the right direction. I am in the process of designing a fairly large fileserver solution in an MS Active directory environment. I have setup and tested ctdb samba, however, after several discussions with a couple of my colleagues, i am now considering a more vanilla flavour of samba. The key features the solution requires are: •
2019 Oct 30
1
Dovecot HSM
Hi. I'm looking for a tutorial/how-to for a HSM (Hierarchical /Storage/ Management). keeping old messages for a user in a cheap storage and recent messages in a faster one. I see on dovecot2 wiki an alternative for hsm as "Alternate storage", but I don't now if it's a good solution for me. The expected result is a faster imap/pop access for new messages on a
2005 May 22
11
[Bug 2734] --delete doesn't work
https://bugzilla.samba.org/show_bug.cgi?id=2734 ------- Additional Comments From vanes002@umn.edu 2005-05-21 22:15 ------- Your rsync options (-arRWxn) include -n, so nothing is actually going to get deleted on the destination, even though rsync reports that they are being deleted (which is what -n is for - i.e. to preview what will happen). -- Configure bugmail:
2009 Mar 11
2
HSM devices and FreeBSD
I am essentially asking the same question that Eirik Overby asked a couple of years ago. Is anyone aware of PCI-X/PCIe hardware security modules that are supported on FreeBSD? I have not seen any on the FreeBSD hardware compatibility lists. Again, as Eirik noted in his question, HSMs are not simply crypto accelerators (which are supported on FreeBSD), they also are a means of storing keys
2023 Apr 10
6
[Bug 3561] New: Open SSH does not support 1-byte structure packing on non-windows systems for PKCS11
https://bugzilla.mindrot.org/show_bug.cgi?id=3561 Bug ID: 3561 Summary: Open SSH does not support 1-byte structure packing on non-windows systems for PKCS11 Product: Portable OpenSSH Version: 9.3p1 Hardware: Other OS: All Status: NEW Severity: enhancement Priority: P5
2007 Oct 11
1
--detect-renamed question
I've started testing the detect-renamed patch with 2.6.9 and soon 3.0.0pre1. I have an unique situation where I'm rsync'ing to a HSM based filesystem. I've found that the detect-renamed patch works but it appears to do a copy of the file to the new destination. This is particular slow since the file in the HSM based filesystem may only be a stub and all the data is only resident
2020 Aug 26
10
[Bug 3202] New: Ed25519 key on HSM is not getting listed in ssh-add -l command
https://bugzilla.mindrot.org/show_bug.cgi?id=3202 Bug ID: 3202 Summary: Ed25519 key on HSM is not getting listed in ssh-add -l command Product: Portable OpenSSH Version: 8.2p1 Hardware: ARM64 OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: ssh-add
2006 Nov 30
2
Samba File Shares growing out of control
Can anyone recommend any solutions for plucking files out of my samba shares that haven't been used in a while. I would like someway to move them off to some archive solution. _________________________________________________________________ Express yourself with gadgets on Windows Live Spaces http://discoverspaces.live.com?source=hmtag1&loc=us
2008 Jul 31
1
Setting (exposing) FILE_ATTRIBUTE_OFFLINE for a share
Hi all, Back in 2002 I opened a discussion on the samba-technical mailing list regarding the WinNT FILE_ATTRIBUTE_OFFLINE ( http://lists.samba.org/archive/samba-technical/2002-April/020969.html). Meanwhile some FILE_ATTRIBUTE_OFFLINE handling was implemented in the 'trunk' Samba. Currently (Samba 3.0.28a-1ubuntu4.4) provides the 'dmapi support' option for representing the
2006 Feb 28
1
scp and SGI DMF
Hello, For some time now, our users have been encountering a problem when using scp to overwrite files on our mass-storage system, which uses SGI's DMF product. I don't have any data as to whether or not any other HSMs would be similarly affected. The scenario is that a user is overwriting a file (via scp) that has previously been migrated to tape. The scp opens the file for writing, but