Wednesday, September 28, 2016

pam_pkcs11: new/last version 0.6.9


From the project wiki page:
This Linux-PAM login module allows a X.509 certificate based user login. The certificate and its dedicated private key are thereby accessed by means of an appropriate PKCS #11 module. For the verification of the users’ certificates, locally stored CA certificates as well as either online or locally accessible CRLs are used.

The idea is to use a smart card and its corresponding PKCS#11 library to login (and more) into a GNU/Linux system.


This version has many changes. The previous version 0.6.8 was released in April 2012. Thanks to all the contributors that provided patches.
  • Support many certificates
  • Italian translation
  • When searching LDAP, filter on the certificate
  • Add an LDAP "uid_attribute", use it to speed up
  • Add "attribute_map" to LDAP mapping
  • Treat "attribute_map" as a list of ANDed clauses
  • Do not fail if card was already unlocked, e.g. by a previous PAM module
  • Add CERT_SERIAL "serial" as a valid option
  • Support OpenSSL 1.1.x
  • Other minor changes


Download the .tar.gz archive from


I am the maintainer of pam_pkcs11 but it do not use this software any more and have no time to take care of this project. A new maintainer is welcome.