diff --git a/ocki-2.2.6-PIN-backspace.patch b/ocki-2.2.6-PIN-backspace.patch
new file mode 100644
index 0000000..90d3424
--- /dev/null
+++ b/ocki-2.2.6-PIN-backspace.patch
@@ -0,0 +1,228 @@
+--- usr/sbin/pkcsconf/pkcsconf.c
++++ usr/sbin/pkcsconf/pkcsconf.c
+@@ -333,7 +333,7 @@
+ CK_RV init(void);
+ void usage(char *);
+ int echo(int);
+-void get_pin(CK_CHAR **);
++int get_pin(CK_CHAR **);
+ CK_RV cleanup(void);
+ CK_RV display_pkcs11_info(void);
+ CK_RV get_slot_list(int, CK_CHAR_PTR);
+@@ -499,9 +499,13 @@
+ * the SO pin, if not ask for the PIN */
+ if (flags & CFG_INITIALIZE){
+ if (~flags & CFG_SO_PIN){
+- printf(PKCSINIT_MSG(SOPIN, "Enter the SO PIN: "));
+- fflush(stdout);
+- get_pin(&(sopin));
++ int rc;
++
++ do {
++ printf(PKCSINIT_MSG(SOPIN, "Enter the SO PIN: "));
++ fflush(stdout);
++ rc = get_pin(&(sopin));
++ } while (rc == -EINVAL);
+ }
+ rc = init_token(sopin);
+ }
+@@ -511,18 +515,29 @@
+ * the New User PIN on the command line if not ask for the PIN and verify it */
+ if (flags & CFG_INIT_USER){
+ if (~flags & CFG_SO_PIN) {
+- printf(PKCSINIT_MSG(SOPIN, "Enter the SO PIN: "));
+- fflush(stdout);
+- get_pin(&sopin);
++ int rc;
++
++ do {
++ printf(PKCSINIT_MSG(SOPIN, "Enter the SO PIN: "));
++ fflush(stdout);
++ rc = get_pin(&sopin);
++ } while (rc == -EINVAL);
+ }
+ if (~flags & CFG_NEW_PIN) {
+- printf(PKCSINIT_MSG(NEWUSER, "Enter the new user PIN: "));
+- fflush(stdout);
+- get_pin(&newpin);
+- newpinlen = strlen(newpin);
+- printf(PKCSINIT_MSG(VNEWUSER, "Re-enter the new user PIN: "));
+- fflush(stdout);
+- get_pin(&newpin2);
++ int rc;
++
++ do {
++ printf(PKCSINIT_MSG(NEWUSER, "Enter the new user PIN: "));
++ fflush(stdout);
++ rc = get_pin(&newpin);
++ } while (rc == -EINVAL);
++ newpinlen = strlen(newpin);
++ do {
++ printf(PKCSINIT_MSG(VNEWUSER,
++ "Re-enter the new user PIN: "));
++ fflush(stdout);
++ rc = get_pin(&newpin2);
++ } while (rc == -EINVAL);
+ newpin2len = strlen(newpin2);
+ if (newpinlen != newpin2len || memcmp(newpin, newpin2, strlen((char *)newpin)) != 0) {
+ printf(PKCSINIT_MSG(PINMISMATCH, "New PINs do not match.\n"));
+@@ -537,18 +552,28 @@
+ * current SO PIN and the New PIN in.
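Review bot: The retry loops added in the -499, -511, -537 and -563 hunks test only `rc == -EINVAL`, so any other failure of get_pin() falls through with the PIN pointer still NULL. The new get_pin() sets `*pin = NULL` on entry and returns -ENOMEM when malloc() fails, and the statement after the loop is `newpinlen = strlen(newpin);` (or `rc = init_token(sopin);` in the -499 hunk), which then receives NULL. Each loop should be followed by a check such as `if (rc != 0)` that leaves through the function's existing error path, which lies outside these hunks. The block-local `int rc;` also shadows the `rc` that `rc = init_token(sopin);` assigns, and the CFG_NEW_PIN block of the -563 hunk has no such declaration, so there get_pin()'s result goes into the outer variable; a distinctly named local (for example `pin_rc`) would keep the two apart.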
If not prompt and validate them. */
+ if (flags & CFG_SET_SO){
+ if (~flags & CFG_SO_PIN) {
+- printf(PKCSINIT_MSG(SOPIN, "Enter the SO PIN: "));
+- fflush(stdout);
+- get_pin(&sopin);
++ int rc;
++
++ do {
++ printf(PKCSINIT_MSG(SOPIN, "Enter the SO PIN: "));
++ fflush(stdout);
++ rc = get_pin(&sopin);
++ } while (rc == -EINVAL);
+ }
+ if (~flags & CFG_NEW_PIN) {
+- printf(PKCSINIT_MSG(NEWSO, "Enter the new SO PIN: "));
+- fflush(stdout);
+- get_pin(&newpin);
++ int rc;
++
++ do {
++ printf(PKCSINIT_MSG(NEWSO, "Enter the new SO PIN: "));
++ fflush(stdout);
++ rc = get_pin(&newpin);
++ } while (rc == -EINVAL);
+ newpinlen = strlen(newpin);
+- printf(PKCSINIT_MSG(VNEWSO, "Re-enter the new SO PIN: "));
+- fflush(stdout);
+- get_pin(&newpin2);
++ do {
++ printf(PKCSINIT_MSG(VNEWSO, "Re-enter the new SO PIN: "));
++ fflush(stdout);
++ rc = get_pin(&newpin2);
++ } while (rc == -EINVAL);
+ newpin2len = strlen(newpin2);
+ if (newpinlen != newpin2len || memcmp(newpin, newpin2, strlen((char *)newpin)) != 0) {
+ printf(PKCSINIT_MSG(PINMISMATCH, "New PINs do not match.\n"));
+@@ -563,18 +588,26 @@
+ * current User PIN and the New PIN in. If not prompt and validate them.
*/
+ if (flags & CFG_SET_USER){
+ if (~flags & CFG_USER_PIN) {
+- printf(PKCSINIT_MSG(USERPIN, "Enter user PIN: "));
+- fflush(stdout);
+- get_pin(&pin);
++ int rc;
++
++ do {
++ printf(PKCSINIT_MSG(USERPIN, "Enter user PIN: "));
++ fflush(stdout);
++ rc = get_pin(&pin);
++ } while (rc == -EINVAL);
+ }
+ if (~flags & CFG_NEW_PIN) {
+- printf(PKCSINIT_MSG(NEWUSER, "Enter the new user PIN: "));
+- fflush(stdout);
+- get_pin(&newpin);
+- newpinlen = strlen(newpin);
+- printf(PKCSINIT_MSG(VNEWUSER, "Re-enter the new user PIN: "));
+- fflush(stdout);
+- get_pin(&newpin2);
++ do {
++ printf(PKCSINIT_MSG(NEWUSER, "Enter the new user PIN: "));
++ fflush(stdout);
++ rc = get_pin(&newpin);
++ } while (rc == -EINVAL);
++ newpinlen = strlen(newpin);
++ do {
++ printf(PKCSINIT_MSG(VNEWUSER, "Re-enter the new user PIN: "));
++ fflush(stdout);
++ rc = get_pin(&newpin2);
++ } while (rc == -EINVAL);
+ newpin2len = strlen(newpin2);
+ if (newpinlen != newpin2len || memcmp(newpin, newpin2, strlen((char *)newpin)) != 0) {
+ printf(PKCSINIT_MSG(PINMISMATCH, "New PINs do not match.\n"));
+@@ -619,41 +652,49 @@
+
+ }
+
+-void
+-get_pin(CK_CHAR ** pin){
+- int count = 0;
+- char buff[PIN_SIZE] = { 0 }, c = 0;
+-
+- /* Turn off echoing to the terminal when getting the password */
+- echo(FALSE);
+-
+- /* Get each character and print out a '*' for each input */
+- for (count = 0; (c != LINE_FEED) && (count < PIN_SIZE); count++){
+- buff[count] = getc(stdin);
+- c = buff[count];
+- if ((c != LINE_FEED) && (c != BACK_SPACE))
+- printf("*");
+- if (c == BACK_SPACE) {
+- printf("%c%c%c", BACK_SPACE, ' ', BACK_SPACE);
+- count-=2;
+- }
+- fflush(stdout);
+- }
+-
+- echo(TRUE);
+-
+- /* After we get the password go to the next line */
+- printf("\n");
+- fflush(stdout);
+-
+- /* Allocate 80 bytes for the user PIN.
This is large enough for the tokens
+- * supported in AIX 5.0 and 5.1 */
+- *pin = (unsigned char *)malloc(PIN_SIZE);
+-
+- /* Strip the carage return from the user input (it is not part of the PIN)
+- * and put the PIN in the return buffer */
+- buff[count-1] = '\0'; //NULL;
+- strncpy((char *)*pin, buff, strlen((char *)buff)+1); // keep the trailing null for the strlen
++int get_pin(CK_CHAR **pin)
++{
++ int count;
++ char buff[PIN_SIZE] = { 0 }, c = 0;
++ int rc = 0;
++
++ *pin = NULL;
++ /* Turn off echoing to the terminal when getting the password */
++ echo(FALSE);
++ /* Get each character and print out a '*' for each input */
++ for (count = 0; (c != LINE_FEED) && (count < PIN_SIZE); count++) {
++ buff[count] = getc(stdin);
++ c = buff[count];
++ if (c == BACK_SPACE || c == DELETE) {
++ printf("\nBackspace and delete character not allowed. "
++ "Please retry entering your PIN.\n");
++ rc = -EINVAL;
++ echo(TRUE);
++ fflush(stdout);
++ goto out;
++ }
++ if ((c != LINE_FEED))
++ printf("*");
++ fflush(stdout);
++ }
++ echo(TRUE);
++ /* After we get the password go to the next line */
++ printf("\n");
++ fflush(stdout);
++ /* Allocate 80 bytes for the user PIN. This is large enough
++ * for the tokens supported in AIX 5.0 and 5.1 */
++ *pin = (unsigned char *)malloc(PIN_SIZE);
++ if (!(*pin)) {
++ rc = -ENOMEM;
++ goto out;
++ }
++ /* Strip the carage return from the user input (it is not part
++ * of the PIN) and put the PIN in the return buffer */
++ buff[count - 1] = '\0';
++ /* keep the trailing null for the strlen */
++ strncpy((char *)*pin, buff, (strlen((char *)buff) + 1));
++out:
++ return rc;
+ }
+
+ int
diff --git a/openCryptoki.changes b/openCryptoki.changes
index 91eefc8..119856b 100644
--- a/openCryptoki.changes
+++ b/openCryptoki.changes
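Review bot: In the new get_pin() the result of `getc(stdin)` is stored straight into the `char` buffer, so end-of-file is never detected: with stdin closed or redirected the loop runs to PIN_SIZE, prints a `*` per iteration and returns 0 with a PIN built from the truncated EOF value. Reading into an int first, `int ch = getc(stdin); if (ch == EOF) { rc = -EIO; echo(TRUE); goto out; }`, lets callers fail instead of using that PIN; the code must differ from -EINVAL, because the callers retry on -EINVAL and would otherwise loop forever at EOF. The rejection path also returns without consuming the rest of the input line, so if echo() leaves the terminal in canonical mode (its body is not in this patch) the characters typed after the backspace would be read as the next PIN attempt. `buff` still holds the PIN when the function returns on either path, so it should be cleared at `out:`. The package changelog describes the change as allowing backspace during PIN entry, whereas this code rejects backspace and delete and asks for re-entry.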
@@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Fri Jan 23 23:02:19 CET 2009 - jjolly@suse.de + +- Added fix to allow backspacing during PIN entry (bnc#448089) + ------------------------------------------------------------------- Fri Jan 23 07:42:59 CET 2009 - olh@suse.de diff --git a/openCryptoki.spec b/openCryptoki.spec index 3165b73..088ed8f 100644 --- a/openCryptoki.spec +++ b/openCryptoki.spec @@ -30,7 +30,7 @@ Name: openCryptoki BuildRequires: gcc-c++ libica openssl-devel pwdutils Summary: An Implementation of PKCS#11 (Cryptoki) v2.11 for IBM Cryptographic Hardware Version: 2.2.6 -Release: 4 +Release: 6 License: IBM Public License Group: Productivity/Security # :pserver:anonymous@cvs.sourceforge.net:/cvsroot/opencryptoki @@ -38,6 +38,7 @@ Group: Productivity/Security Source: %{oc_cvs_tag}.tar.bz2 Source1: openCryptoki.pkcsslotd Source2: openCryptoki-TFAQ.html +Patch1: ocki-2.2.6-PIN-backspace.patch Url: http://oss.software.ibm.com/developerworks/opensource/opencryptoki BuildRoot: %{_tmppath}/%{name}-%{version}-build PreReq: /usr/sbin/groupadd /usr/bin/id /usr/sbin/usermod /bin/sed @@ -117,6 +118,7 @@ Accelerator (FC 4960 on pSeries) %prep %setup -q -n %{oc_cvs_tag} cp %{SOURCE2} . +%patch1 %build autoreconf --force --install @@ -259,6 +261,8 @@ ln -sf %{_libdir}/opencryptoki/libopencryptoki.so /usr/lib/pkcs11/PKCS11_API.so6 %endif %changelog +* Fri Jan 23 2009 jjolly@suse.de +- Added fix to allow backspacing during PIN entry (bnc#448089) * Fri Jan 23 2009 olh@suse.de - run ldconfig in postinstall [bnc#417925] * Tue Dec 09 2008 kukuk@suse.de