On Wed, 28 Dec 2016, Iain Morgan wrote:

> Hello,
>
> On RHEL 6/amd64, the stock value for DEFAULT_PKCS11_WHITELIST is not
> very useful. On such systems, /usr/lib64/* would need to be added to the
> pattern list. Although users can specify the -P option every time they
> launch ssh-agent, it might be nice to provide a means to specify a
> default whitelist at build-time.
>
> It's tempting to suggest that configure should automatically supply a
> reasonable value for the whitelist based on the platform, but supporting
> an option to configure would seem to be the simpler and safer solution.
>
> % ./configure --with-default-pkcs11-whitelist="/usr/lib64/*"

Sounds eminently reasonable. Maybe we could make the portable default
"/usr/lib*/*,/usr/local/lib*/*" too?

-d
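An added example, not part of the original thread or of OpenSSH: a simplified Python model of comma-separated pattern-list matching, comparing the stock whitelist with the portable default proposed in the reply. The stock value, the matching semantics (`*` and `?` as the only wildcards, `*` crossing `/`, `!` negation) and the sample paths are assumptions of this sketch.

```python
import re

# Assumed stock value of DEFAULT_PKCS11_WHITELIST (not quoted in the thread).
STOCK = "/usr/lib/*,/usr/local/lib/*"
# Portable default suggested in the reply.
PROPOSED = "/usr/lib*/*,/usr/local/lib*/*"

def _to_regex(pattern):
    # Only '*' and '?' are wildcards; '*' is allowed to cross '/' here.
    parts = []
    for ch in pattern:
        if ch == "*":
            parts.append(".*")
        elif ch == "?":
            parts.append(".")
        else:
            parts.append(re.escape(ch))
    return re.compile("".join(parts), re.DOTALL)

def allowed(path, pattern_list):
    """True if path matches a pattern and no '!'-negated pattern."""
    matched = False
    for pat in pattern_list.split(","):
        negate = pat.startswith("!")
        if negate:
            pat = pat[1:]
        if _to_regex(pat).fullmatch(path):
            if negate:
                return False
            matched = True
    return matched

# Constructed sample provider paths, assumed already canonicalised.
SAMPLES = [
    "/usr/lib/opensc-pkcs11.so",
    "/usr/lib64/opensc-pkcs11.so",
    "/usr/local/lib64/pkcs11/vendor.so",
    "/usr/libexec/helper/module.so",
    "/home/user/module.so",
]

def compare(samples=SAMPLES):
    # Maps each path to (allowed by STOCK, allowed by PROPOSED).
    return {p: (allowed(p, STOCK), allowed(p, PROPOSED)) for p in samples}

if __name__ == "__main__":
    for path, (stock, proposed) in compare().items():
        print(f"{path:40} stock={stock!s:5} proposed={proposed}")
```

Under this model the wider pattern admits the lib64 directories and also any other directory whose name begins with `lib`, such as `/usr/libexec`, which is worth weighing when choosing a build-time default.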