diff -up ./nss/lib/softoken/fipstokn.c.allow_level1 ./nss/lib/softoken/fipstokn.c
--- ./nss/lib/softoken/fipstokn.c.allow_level1	2013-10-11 11:47:31.265670032 -0700
+++ ./nss/lib/softoken/fipstokn.c	2013-10-11 11:58:12.730655827 -0700
@@ -97,6 +97,7 @@ libaudit_init(void)
  * ******************** Password Utilities *******************************
  */
 static PRBool isLoggedIn = PR_FALSE;
+static PRBool isLevel2 = PR_TRUE;
 PRBool sftk_fatalError = PR_FALSE;
 
 /*
@@ -197,7 +198,7 @@ static CK_RV sftk_newPinCheck(CK_CHAR_PT
 static CK_RV sftk_fipsCheck(void) {
     if (sftk_fatalError) 
 	return CKR_DEVICE_ERROR;
-    if (!isLoggedIn) 
+    if (isLevel2 && !isLoggedIn) 
 	return CKR_USER_NOT_LOGGED_IN;
     return CKR_OK;
 }
@@ -498,6 +499,7 @@ CK_RV FC_Initialize(CK_VOID_PTR pReserve
 	return crv;
     }
     nsf_init = PR_TRUE;
+    isLevel2 = PR_TRUE; /* assume level 2 unless we learn otherwise */
 
     return CKR_OK;
 }
@@ -552,8 +554,11 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID,
     CHECK_FORK();
 
     crv = NSC_GetTokenInfo(slotID,pInfo);
-    if (crv == CKR_OK) 
-       pInfo->flags |= CKF_LOGIN_REQUIRED;
+    if (crv == CKR_OK) {
+	if ((pInfo->flags & CKF_LOGIN_REQUIRED) == 0) {
+	    isLevel2 = PR_FALSE;
+ 	}
+    }
     return crv;
 
 }