Built: 2 months ago
Size: 266 KB
Home page: https://github.com/OpenSC/pam_pkcs11
Summary: PKCS #11 PAM Module and Login Tools
This Linux-PAM login module allows a X.509 certificate based user login.
The certificate and its dedicated private key are thereby accessed by
means of an appropriate PKCS #11 module. For the verification of the
user certificates, locally stored CA certificates as well as either
online or locally accessible CRLs are used.
Adittional included pam_pkcs11 related tools:
- pkcs11_eventmgr: Generate actions on card insert/removal/timeout
- pklogin_finder: Get the loginname that maps to a certificate
- pkcs11_inspect: Inspect the contents of a certificate
List of contributors:
- New version 0.6.10.
- Cleanup passwords with `cleanse()` in the new code too.
- README.md: removed license section (thx Frank Morgner).
- Update README.md (thx Frank Morgner).
- fixed wiping secrets with OpenSSL_cleanse() (thx Frank Morgner).
- fixed buffer overflow with long home directory (thx Frank Morgner).
- verify using a nonce from the system, not the card (thx Frank Morgner).
- Fixed segfault and fetch problems when checking CRLs (thx Gil Kloepfer).
- Distinguish between entering a wrong user PIN and SO PIN during
the PIN change / initialization procedure.
- Fixed: Distinguish between expired PIN and other cases to change it.