search for: pam_pkcs11

...Without them, I also don't see an icon in the taskbar... but using ssh-add (actually, my manager built openssh, opensc and openct from current source, 5.4? 5.5?, and renamed stuff to piv-....), so I do piv-ssh-add -s opensc-pkcs11.so, and it adds the card. Before you do that... configure /etc/pam_pkcs11/pam_pkcs11.conf so that # Filename of the PKCS #11 module. The default value is "default" use_pkcs11_module = opensc; and you may have to decide on a mapper. Then restart pcscd, and you should be good to go. At any rate, no wrong/confusing windows, and logins work. I do note that i...

Hi folks, I've ran into an interesting issue when I was trying to set up Winbind client to use smart card for authentication. >From what I was able to gather, Winbind doesn't support smart card auth. To my surprise, I was able to authenticate without pam_pkcs11 or pam_krb5 in my PAM stack, using only pam_winbind, after I've added config like this into /etc/krb5.conf: ``` EXAMPLE.COM = { pkinit_cert_match = &&<EKU>msScLogin,<KU>digitalSignature pkinit_eku_checking = kpServerAuth pkinit_identities = PKCS11:/usr/lib64/pkcs11/opensc-p...

I have been looking at replacing our current login systems with a single login solution. In the process I managed to get sidetracked into investigating pam_pkcs11. My question, which no doubt reveals the depth of my ignorance, is: Can a simple USB flash memory stick be configured to work with this or some similar module of which I as yet know nothing? Everything I have managed to find about this method of loging on to CentOS implies that either a special s...

Hello, The version 0.11 of "PKCS#11 support in OpenSSH" is published. Changes: 1. Updated against OpenSSH 4.3p2. 2. Modified against Roumen Petrov's X.509 patch (version 5.4), so self-signed certificates are treated by the X.509 patch now. 3. Added --pkcs11-x509-force-ssh if X.509 patch applied, until some issues with the X.509 patch are resolved. 4. Fixed issues with gcc-2. You

Hello All, As I promised, I've completed and initial patch for openssh PKCS#11 support. The same framework is used also by openvpn. I want to help everyone who assisted during development. This patch is based on the X.509 patch from http://roumenpetrov.info/openssh/ written by Rumen Petrov, supporting PKCS#11 without X.509 looks like a bad idea. *So the first question is: What is the

...s is enabled krb5 kdc = "prod-srv-8.cme.com:88,prod-srv-8.cme.com" krb5 kdc via dns is enabled krb5 admin server = "prod-srv-8.cme.com:749" pam_ldap is disabled LDAP+TLS is disabled LDAP server = "ldap://127.0.0.1/" LDAP base DN = "dc=example,dc=com" pam_pkcs11 is disabled use only smartcard for login is disabled smartcard module = "coolkey" smartcard removal action = "Ignore" pam_smb_auth is enabled SMB workgroup = "CME" SMB servers = "prod-srv-8.cme.com" pam_winbind is enabled SMB workgroup = "CME&qu...

...ython -nscd nspr nss nss_db -nss_ldap nss-tools ntp ntsysv -numactl -oddjob -oddjob-libs -openais OpenIPMI OpenIPMI-libs OpenIPMI-tools openjade openldap opensp openssh openssh-clients openssh-server openssl openssl097a openssl-devel -oprofile -ORBit2 pam pam-devel pam_ccreds -pam_krb5 pam_passwdqc pam_pkcs11 pam_smb pango paps parted passwd patch patchutils pax pciutils pciutils-devel -pcmciautils pcre pcre-devel pcsc-lite pcsc-lite-libs perl perl-Compress-Zlib perl-Convert-ASN1 perl-Crypt-SSLeay perl-DateManip perl-DBD-Pg perl-DBI perl-HTML-Parser perl-HTML-Tagset perl-IO-Socket-SSL perl-LDAP perl-lib...