AboutFrom the project wiki page:
This Linux-PAM login module allows a X.509 certificate based user login. The certificate and its dedicated private key are thereby accessed by means of an appropriate PKCS #11 module. For the verification of the users’ certificates, locally stored CA certificates as well as either online or locally accessible CRLs are used.
The idea is to use a smart card and its corresponding PKCS#11 library to login (and more) into a GNU/Linux system.
Changes:22 May 2019
- Version 0.6.11
- Support OpenSSL 1.1.0
- use green instead of blue text for logs on the console
- Solaris runs build process outside of srcdir
openssh_mapper_match_keys()for OpenSSL 1.0 & 1.1
- Fix 64-bit pkcs11_inspect(1) fails on SPARC with a SIBGUS due to misaligned access
- Add support of ECDSA signature in addition to RSA
DownloadDownload the .tar.gz archive from https://sourceforge.net/projects/opensc/files/pam_pkcs11/
The .tar.gz or .zip files available from github are not complete (the ./configure script is missing for example)
HistoryIn a previous blog article "pam_pkcs11: new/last version 0.6.9" (3 years ago) I wrote that it was my last release of pam_pkcs11.
- But I had to work on a problem related to the use of pam_pkcs11.
- I discovered that the version 0.6.10 (released by in Debian.
- I decided to upgrade the Debian package.
- But version 0.6.10 broke support of OpenSSL 1.1.0 and the build for Debian failed.
- So I had to fix that and decided to also merge submitted patches and fix other reported bugs.