This forum is closed to new posts and
responses. Individual names altered for privacy purposes. The information contained in this website is provided for informational purposes only and should not be construed as a forum for customer support requests. Any customer support requests should be directed to the official HCL customer support channels below:
RE: modification to Logon process ~Umberto Nongeroson 20.Oct.03 06:20 PM a Web browser Notes Client 6.0.2 CF1Windows 2000
Congratulations. :)
If a token supports a protected authentication path, Notes will call C_Login with a NULL PIN and never prompt the user itself. That way, a token can use whatever authentication method it chooses to authenticate the user, be it a simple PIN prompt on the screen, a keypad on the smartcard reader, or even a biometric device of some kind. Since the capability for a protected authentication path is logically one of the properties that is inherent to the token and un-changing, that information is stored in the ID file when the ID file is enabled for smartcard login.
Toggling the CKF_PROTECTED_AUTHENTICATION_PATH flag is unlikely to generate the desired behavior. Notes will call C_Logout to clear the PIN when F5 is pressed or the token is removed -- in fact, the two cases generate identical behavior on the part of Notes. If you are seeing different behavior in those two cases, I would recommend examining the C_Logout behavior to see if all of the sessions are actually being converted from user sessions to public sessions.
If you are not receiving a PIN prompt when Notes is first started, then it seems likely that your protected authentication path code is allowing multiple applications to "share" login state by returning CKR_USER_ALREADY_LOGGED_IN instead of keeping each application's login state independent of the others.
Return to top
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . RE: modification to Logon process (~Tanita Desweve... 20.Oct.03) 
Print this page
