This Linux-PAM login module allows a X.509 certificate based user login. The certificate and its dedicated private key are thereby accessed by means of an appropriate PKCS #11 module. For the verification of the users’ certificates, locally stored CA certificates as well as either online or locally accessible CRLs are used.
The idea is to use a smart card and its corresponding PKCS#11 library to login (and more) into a GNU/Linux system.
Changes This version has many changes. The previous version 0.6.8 was released in April 2012. Thanks to all the contributors that provided patches.
- Support many certificates - Italian translation - When searching LDAP, filter on the certificate - Add an LDAP "uid_attribute", use it to speed up - Add "attribute_map" to LDAP mapping - Treat "attribute_map" as a list of ANDed clauses - Do not fail if card was already unlocked, e.g. by a previous PAM module - Add CERT_SERIAL "serial" as a valid option - Support OpenSSL 1.1.x - Other minor changes
Download Download the .tar.gz archive from https://sourceforge.net/projects/opensc/files/pam_pkcs11/
Conclusion I am the maintainer of pam_pkcs11 but it do not use this software any more and have no time to take care of this project. A new maintainer is welcome.