Jonathan : does booting with the token already inserted (before the notification pops up) work ? Does a workaround where we would filter out configurations that use pkcs#11 so that they are not autostarted make sense ? Would looking for "pkcs11-id" in the configuration be enough to detect them ?
According to http:// svn.openvpn. net/projects/ openvpn/ branches/ BETA21/ openvpn/ management/ management- notes.txt the NEED-OK line is a notification that is supposed to be acked using the management interface (issue a "needok token-insertion -request ok" command to the management port)... That makes it quite unsuitable at boot-up time.
See also discussions from other users not happy with this on : sourceforge. net/mailarchive /message. php?msg_ id=48BF842A. 1040901% 40aixigo. de
http://
Jonathan : does booting with the token already inserted (before the notification pops up) work ? Does a workaround where we would filter out configurations that use pkcs#11 so that they are not autostarted make sense ? Would looking for "pkcs11-id" in the configuration be enough to detect them ?