Built: about 5 years ago
Size: 220 KB
Home page: https://github.com/OpenSC/pam_pkcs11
Summary: PKCS #11 PAM Module and Login Tools
This Linux-PAM login module allows a X.509 certificate based user login.
The certificate and its dedicated private key are thereby accessed by
means of an appropriate PKCS #11 module. For the verification of the
users' certificates, locally stored CA certificates as well as either
online or locally accessible CRLs are used.
Adittional included pam_pkcs11 related tools:
- pkcs11_eventmgr: Generate actions on card insert/removal/timeout
- pklogin_finder: Get the loginname that maps to a certificate
- pkcs11_inspect: Inspect the contents of a certificate
- Build for p8.2016-11-21 Ivan Zakharyaschev 0.6.9-alt3
- ask_pin (by default: true) option added (thx cas@); the corresponding PAM options are: ask_pin, dont_ask_pin.2016-11-20 Ivan Zakharyaschev 0.6.9-alt2
- Restored ALT-specific features (from p7's 0.6.4-alt2, originally by raorn@): 1. The example configs are placed in /usr/share/pam_pkcs11/. 2. The use of OpenSSL's c_hash instead of pkcs11_make_hash_links is advised in the documentation; more options in example configs. 3. global_ca configuration option for the system-wide cert storage. 4. Russian translations updated (and shortened "smart card" into "token" in some places). 5. Larger buffers (to hold localized strings) and safer operations with them (no unjustified sprintf). 6. Check if there are any valid certificates before asking for PIN.