we would like to use the token without a user PIN and only use a PIN for the generated key. How must the token be initialized?
The reason is that certain software (such as Adobe) does not automatically recognize the token. So you have to register twice (once to announce the token and then when the key is to be used for the signature.
I don’t know exactly what the problem is… maybe it would be useful to have some screenshots from the software you are trying to use. Do you have to enter PIN twice for some use cases?
If you are not authenticated to the token, it is possible to list public keys and certificate on it.
You only need to authenticate if you want to use the key (or do some changes). But then it depends how the PKCS#11 library is used and if the session can be open and authenticated once and then re-used later.