From: Ernie K. <ern...@gm...> - 2016-10-11 19:21:21
PROBLEM SOLVED

Thanks, everyone! The problem turned out to be in our use of JSS. The JSS PK11Token login method takes a password callback handler. The handler has a getPasswordAgain method that's used for retries, and returning anything but null will result in a locked card. The handler should look something like this:

    import org.mozilla.jss.util.Password;
    import org.mozilla.jss.util.PasswordCallback;
    import org.mozilla.jss.util.PasswordCallbackInfo;

    PasswordCallback pwcb = new PasswordCallback() {
        // First prompt: hand over the PIN the user entered.
        @Override
        public Password getPasswordFirstAttempt(PasswordCallbackInfo info)
                throws GiveUpException {
            return new Password(pin.toCharArray());
        }

        // Called for retries: return null so the bad PIN is not submitted again.
        @Override
        public Password getPasswordAgain(PasswordCallbackInfo info)
                throws GiveUpException {
            return null;
        }
    };

This results in the expected IncorrectPasswordException when the PIN is bad.

Thanks again -
Ernie

On Mon, Oct 10, 2016 at 10:53 PM, Frank Morgner <fra...@go...> wrote:

> Have you looked at the patches which add support for cac
> https://github.com/OpenSC/OpenSC/pull/841?
>
> On October 9, 2016 19:24:13 CEST, Ernie Kovak <ern...@gm...> wrote:
>
>> Hello -
>>
>> We're using NSS (JSS4 and NSS 3.20) with an OpenSC 0.16.0 module to
>> interact with a DoD CAC. CACs will lock after 3 consecutive bad PIN
>> entries, of course, and we're finding that if the user enters a bad PIN
>> even once, that hard limit is exceeded and the card is locked.
>>
>> I've substituted an ActivClient module and found that it does not lock
>> the card, so it seems like OpenSC is retrying with a bad PIN??
>>
>> If that's true, is there a configuration item that I can set to suppress
>> retries in this case?
>>
>> Thanks!
>> Ernie
>
> --
> Frank Morgner
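The failure mode described in this message, as an added example that is not part of the original email and is not JSS or OpenSC code: a self-contained model of a card with a 3-try PIN counter and a login loop that keeps asking the callback until it returns null. The names PinRetryDemo, PinCallback, Card, login and callback, and the sample PINs, are all hypothetical.

```java
import java.util.Arrays;

// Constructed model (assumption): login asks the callback again after every
// rejected PIN, and each rejected PIN costs one of the card's three tries.
public class PinRetryDemo {
    interface PinCallback {            // hypothetical stand-in for a JSS PasswordCallback
        char[] first();
        char[] again();                // null means "stop retrying"
    }

    static final class Card {
        private final char[] pin;
        private int triesLeft = 3;
        Card(String pin) { this.pin = pin.toCharArray(); }

        boolean verify(char[] candidate) {
            if (triesLeft == 0) return false;          // locked: nothing is checked
            if (Arrays.equals(pin, candidate)) { triesLeft = 3; return true; }
            triesLeft--;                               // wrong PIN burns one try
            return false;
        }
        int triesLeft() { return triesLeft; }
    }

    // Performs one login call and returns the tries left on the card afterwards.
    static int login(Card card, PinCallback cb) {
        char[] pw = cb.first();
        while (pw != null && !card.verify(pw) && card.triesLeft() > 0) {
            pw = cb.again();                           // retry path
        }
        return card.triesLeft();
    }

    static PinCallback callback(String typed, boolean replayOnRetry) {
        return new PinCallback() {
            public char[] first() { return typed.toCharArray(); }
            public char[] again() { return replayOnRetry ? typed.toCharArray() : null; }
        };
    }

    public static void main(String[] args) {
        // The user mistypes the PIN once; the callback replays it on every retry.
        System.out.println("replaying callback, tries left: "
                + login(new Card("123456"), callback("000000", true)));
        // Same single mistake; the callback returns null on retry.
        System.out.println("null-on-retry callback, tries left: "
                + login(new Card("123456"), callback("000000", false)));
    }
}
```

When auditing a callback of this kind, check that the retry method either returns null or prompts the user for a fresh PIN, and never resubmits a cached value.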