Summary: | Create daemon for running pkcs#11 modules in a shared mode | ||
---|---|---|---|
Product: | p11-glue | Reporter: | Stef Walter <stefw> |
Component: | p11-kit | Assignee: | Stef Walter <stefw> |
Status: | NEW --- | QA Contact: | |
Severity: | normal | ||
Priority: | medium | CC: | guillaume.desmottes, n.mavrogiannopoulos, redhat |
Version: | unspecified | ||
Hardware: | Other | ||
OS: | All | ||
Whiteboard: | |||
Bug Depends on: | 54105 | ||
Bug Blocks: |
Description
Stef Walter
2012-07-10 14:22:53 UTC
There's more progress on this than the bug belies. Hopefully I'll have my WIP branch in order soon. Some notes on this:

* Add a setting to p11-kit module configs which makes a module automatically load in shared mode in the daemon instead of in-process. Maybe something like this in the module config:

    remote: session-daemon

* The daemon would be autostarted if not already running. Taking cues from how gpg2 starts gpg-agent. This would be started if any modules are 'session-daemon' (see above).

To do the above we would create a p11-kit-daemon binary.

Although not strictly related to the daemon, I'd also like to support exec'ing a process and talking PKCS#11 RPC to it on stdio. We could install a 'p11-kit-remote' executable for this, which talks PKCS#11 RPC on stdio, and loads a specific module. This has two use cases:

* Running a PKCS#11 module in another process, for security reasons. That process could be locked down via SELinux and so on. Maybe with a config line like this:

    remote: separate-process

* Running a PKCS#11 module on another machine, similar to what pkcs11_proxy does. You would add a line like this to the module config:

    remote: ssh hostname.example.com /usr/libexec/p11-kit-remote my-module-name

All of the above would only work on Unix, and not be compiled for win32.

Maybe it will be interesting for you that FreeIPA & SSSD projects plan to implement something like this... Contact freeipa-devel@redhat.com if you want to know more details. Have a nice day!
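The three `remote:` values proposed in the description, resolved into the process boundary each one implies. This is an added example, not p11-kit code or part of the report. The `key: value` parsing, the function names, the helper invocation used for `separate-process`, and the rejection of option-like ssh hosts are assumptions made for illustration.

```python
import shlex

# Constructed sample module config using the setting proposed in the report.
SAMPLE_CONFIG = """\
# my-module.module (constructed sample)
module: /usr/lib/pkcs11/my-module.so
remote: ssh hostname.example.com /usr/libexec/p11-kit-remote my-module-name
"""
REMOTE_HELPER = "/usr/libexec/p11-kit-remote"  # path as written in the report's ssh line


def parse_module_config(text):
    """Parse 'key: value' lines; lines starting with '#' are comments (assumed format)."""
    fields = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed line: {raw!r}")
        fields[key.strip()] = value.strip()
    return fields


def resolve_remote(name, fields):
    """Return (mode, argv): where the module would run and what would be exec'd."""
    remote = fields.get("remote")
    if remote is None:
        return ("in-process", None)        # module loaded into the caller's process
    if remote == "session-daemon":
        return ("session-daemon", None)    # shared p11-kit-daemon, autostarted
    if remote == "separate-process":
        # Assumption: the helper takes the module name as its only argument.
        return ("child", [REMOTE_HELPER, name])
    argv = shlex.split(remote)
    if len(argv) >= 3 and argv[0] == "ssh":
        # Assumption: form is 'ssh HOST COMMAND...'. A HOST starting with '-'
        # would be read by ssh as an option, so it is refused.
        if argv[1].startswith("-"):
            raise ValueError(f"refusing option-like ssh host: {argv[1]!r}")
        # Exec as an argv list, never a shell string: nothing is shell-evaluated
        # locally (the remote login shell still interprets the command).
        return ("ssh", argv)
    raise ValueError(f"unsupported remote setting: {remote!r}")
```
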