CAC modules
David Woodhouse
dwmw2 at infradead.org
Wed Jul 11 17:27:37 EDT 2012
On Wed, 2012-07-11 at 16:35 -0400, Mcclelland, Michael B Mr CTR USN USA
wrote:
> So if I understand you right...
> out of the full:
> pkcs11:library-description=CoolKey%20PKCS%20%2311%20Module%20%20%20%20%20%00%00%00;library-manufacturer=Mozilla%20Foundation;model=%20;manufacturer=%20;serial=%20;token=MCCLELLAND.MICHAEL.BLAIR.1250312;id=%00%03;object=CAC%20Email%20Encryption%20Certificate;object-type=private
>
> I just use
> Pkcs11: CoolKey%20PKCS%20%2311%20Module%20%20%20%20%20%00%00%00
>
> Sorry for asking to be spoon fed. I have very limited attempts to login before my card locks itself
It doesn't *hurt* to use the whole thing, but you ought to get away with
just pkcs11:id=%00%03;object=CAC%20Email%20Encryption%20Certificate
Hopefully your token shouldn't lock you out just for using an object
that doesn't exist; only if you get the PIN wrong?
--
dwmw2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 6171 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20120711/41e4be20/attachment.bin>
More information about the openconnect-devel
mailing list