<html xmlns="http://www.w3.org/1999/xhtml" xmlns:html="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <title> PamModules – OpenSC </title><style type="text/css"> @import url(trac.css); </style></head><body><div id="content" class="wiki"> <div class="wikipage searchable"> <h1 id="PamModules">Pam Modules</h1> <p> OpenSC up to 0.9.6 included its own pam module pam_opensc. This module was removed in OpenSC 0.10.0. </p> <p> Instead you can use either of these pam modules: </p> <ul><li><a href="http://www.opensc-project.org/pam_p11/" shape="rect">Pam_p11</a> is a very simple pam module, perfect for small and simple setups (no ca, no crl, no signature checks, </li></ul><blockquote> <blockquote> <p> simply authenticating with the keys you added to a file). Pam_p11 contains two modules: pam_p11_opensc and pam_p11_openssh. </p> </blockquote> </blockquote> <ul><li>pam_p11_opensc is the successor of the old pam_opensc module (eid mode). simply add certificates in pem format to the .eid/authorized_certificates file and any smart card with a matching certificate and key can login. </li><li>pam_p11_openssh looks at .ssh/authorized_keys format (the well known openssh file), and lets a user login, if he has a smart card with a matching key. </li></ul><ul><li><a href="http://www.opensc-project.org/pam_pkcs11/" shape="rect">Pam_PKCS11</a> is fully featured, it does all those ca checks, can work with ldap, kerberos and other mechanisms and has many different so called mappers for a very flexible mapping of smart cards to users. </li></ul> </div> </div><div class="footer"><hr></hr><p><a href="index.html">Back to Index</a></p></div></body></html>