AboutFrom the project wiki page:
This Linux-PAM login module allows a X.509 certificate based user login. The certificate and its dedicated private key are thereby accessed by means of an appropriate PKCS #11 module. For the verification of the users’ certificates, locally stored CA certificates as well as either online or locally accessible CRLs are used.
The idea is to use a smart card and its corresponding PKCS#11 library to login (and more) into a GNU/Linux system.
ChangesThis version has many changes. The previous version 0.6.8 was released in April 2012. Thanks to all the contributors that provided patches.
- Support many certificates
- Italian translation
- When searching LDAP, filter on the certificate
- Add an LDAP "uid_attribute", use it to speed up
- Add "attribute_map" to LDAP mapping
- Treat "attribute_map" as a list of ANDed clauses
- Do not fail if card was already unlocked, e.g. by a previous PAM module
- Add CERT_SERIAL "serial" as a valid option
- Support OpenSSL 1.1.x
- Other minor changes