pam_pkcs11: new version 0.6.11


From the project wiki page:
This Linux-PAM login module allows a X.509 certificate based user login. The certificate and its dedicated private key are thereby accessed by means of an appropriate PKCS #11 module. For the verification of the users’ certificates, locally stored CA certificates as well as either online or locally accessible CRLs are used.

The idea is to use a smart card and its corresponding PKCS#11 library to login (and more) into a GNU/Linux system.


22 May 2019
  • Version 0.6.11
  • Support OpenSSL 1.1.0
  • use green instead of blue text for logs on the console
  • Solaris runs build process outside of srcdir
  • Fix openssh_mapper_match_keys() for OpenSSL 1.0 & 1.1
  • Fix 64-bit pkcs11_inspect(1) fails on SPARC with a SIBGUS due to misaligned access
  • Add support of ECDSA signature in addition to RSA


Download the .tar.gz archive from

The .tar.gz or .zip files available from github are not complete (the ./configure script is missing for example)


In a previous blog article "pam_pkcs11: new/last version 0.6.9" (3 years ago) I wrote that it was my last release of pam_pkcs11.
  1. But I had to work on a problem related to the use of pam_pkcs11.
  2. I discovered that the version 0.6.10 (released by Paul Wolneykien, thanks) was not available in Debian.
  3. I decided to upgrade the Debian package.
  4. But version 0.6.10 broke support of OpenSSL 1.1.0 and the build for Debian failed.
  5. So I had to fix that and decided to also merge submitted patches and fix other reported bugs.
That is why you now have a new version of pam_pkcs11.