| [ < ] | [ > ] | [ << ] | [ Up ] | [ >> ] | [Top] | [Contents] | [Index] | [ ? ] |
5.3.2 Initialization
To allow all the GnuTLS applications to access PKCS #11 tokens
it is advisable to use /etc/pkcs11/modules/mymodule.conf. This file has the following
format:
module: /usr/lib/opensc-pkcs11.so |
If you use this file, then there is no need for other initialization in GnuTLS, except for the PIN and token functions. Those allow retrieving a PIN when accessing a protected object, such as a private key, as well as probe the user to insert the token. All the initialization functions are below.
Note that due to limitations of PKCS #11 there are issues when multiple libraries are sharing a module. To avoid this problem GnuTLS uses p11-kit(10) that provides a middleware to control access to resources over the multiple users.