* Remove PAM_README as it is not valid any more
* Remove dead files from Solaris package script git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@2483 c6295689-39f2-0310-b995-f0e70906c6a9
This commit is contained in:
parent
fc3048f55e
commit
0f0f28107c
|
@ -2,7 +2,7 @@
|
|||
|
||||
SUBDIRS = . aclocal doc etc macos man src win32
|
||||
|
||||
EXTRA_DIST = ANNOUNCE CodingStyle PAM_README QUICKSTART README \
|
||||
EXTRA_DIST = ANNOUNCE CodingStyle QUICKSTART README \
|
||||
bootstrap Makefile.mak depcomp \
|
||||
solaris/Makefile solaris/README solaris/checkinstall.in \
|
||||
solaris/opensc.conf-dist solaris/pkginfo.in solaris/proto
|
||||
|
|
54
PAM_README
54
PAM_README
|
@ -1,54 +0,0 @@
|
|||
Quick start guide to using the pam module
|
||||
=========================================
|
||||
|
||||
The pam module supports two different flavors:
|
||||
a) "eid" - store the certificate for a user in that
|
||||
users home directory in a file called ".eid/authorized_certificates"
|
||||
b) "ldap" - store the certificate for a user in a central ldap
|
||||
repository
|
||||
|
||||
This guide only deals with flavor a). If you want to add documentation
|
||||
on using pam with ldap, please send a patch to the opensc-devel mailing
|
||||
list. See also the PAM section in the OpenSC HTML docs.
|
||||
|
||||
First initialize the token, create a user with a pin, create a key
|
||||
and create a certificate, all as documented in the QUICKSTART file.
|
||||
|
||||
|
||||
The first thing is to copy the opensc pam module to the right location.
|
||||
Pam modules are searched for in the directory /lib/security/.
|
||||
$ cp /usr/lib/security/pam_opensc.so /lib/security/pam_opensc.so
|
||||
|
||||
Now change one service to use this pam module by default. Keep at least
|
||||
one xterm and/or virtual console open as root, so you can undo any
|
||||
configuration change, in case it does not work.
|
||||
|
||||
Edit for example /etc/pam.d/login and replace
|
||||
auth required pam_unix.so nullok
|
||||
with
|
||||
auth required pam_opensc.so
|
||||
|
||||
If you want to use opensc first, and fall back on normal password based
|
||||
authentication, you could use these two lines:
|
||||
auth sufficient pam_opensc.so
|
||||
auth required pam_unix.so nullok
|
||||
|
||||
Note the first line is marked as "sufficient", so successful smart card
|
||||
authentication will let a user in. If both lines read "required", a user
|
||||
would have to use a smart card with the right key and certificate on it,
|
||||
enter the right pin *AND* have the right password for the normal login
|
||||
procedure.
|
||||
|
||||
Now every user needs to create a directory ".eid" in his or her home
|
||||
directory and put the certificate in a file called "authorized_certificates".
|
||||
To do this, enter the command (beware, this will overwrite the file):
|
||||
$ pkcs15-tool -r 45 -o ~/.eid/authorized_certificates
|
||||
|
||||
Now try to login using the smart card. Remember to first insert your
|
||||
smart card into the reader, then enter your username, and then the
|
||||
pin on your key.
|
||||
|
||||
As of OpenSC version 0.9.2, ~/.eid/authorized_certificates can contain
|
||||
multiple certificates. To use multiple certificates there, simply
|
||||
concatenate them, for example like
|
||||
$ pkcs15-tool -r 45 >> ~/.eid/authorized_certificates
|
|
@ -33,7 +33,6 @@ f none usr/share/man/man7/opensc.7 0644 root other
|
|||
f none usr/share/man/man7/pkcs15.7 0644 root other
|
||||
d none usr/share/opensc 0755 root other
|
||||
f none usr/share/opensc/opensc.conf.example 0644 root other
|
||||
f none usr/share/opensc/scldap.conf.example 0644 root other
|
||||
f none usr/share/opensc/cyberflex.profile 0644 root other
|
||||
f none usr/share/opensc/flex.profile 0644 root other
|
||||
f none usr/share/opensc/gpk.profile 0644 root other
|
||||
|
@ -47,22 +46,15 @@ d none usr/lib 0755 root bin
|
|||
s none usr/lib/libscconf.so.0=libscconf.so.0.0.9
|
||||
f none usr/lib/libscconf.so.0.0.9 0755 root bin
|
||||
s none usr/lib/libscconf.so=libscconf.so.0.0.9
|
||||
s none usr/lib/libscldap.so.0=libscldap.so.0.0.9
|
||||
f none usr/lib/libscconf.la 0755 root bin
|
||||
f none usr/lib/libscconf.a 0644 root bin
|
||||
f none usr/lib/libscldap.so.0.0.9 0755 root bin
|
||||
s none usr/lib/libscldap.so=libscldap.so.0.0.9
|
||||
s none usr/lib/libopensc.so.0=libopensc.so.0.0.9
|
||||
f none usr/lib/libscldap.la 0755 root bin
|
||||
f none usr/lib/libscldap.a 0644 root bin
|
||||
f none usr/lib/libopensc.so.0.0.9 0755 root bin
|
||||
s none usr/lib/libopensc.so=libopensc.so.0.0.9
|
||||
d none usr/lib/pkgconfig 0755 root bin
|
||||
f none usr/lib/pkgconfig/libopensc.pc 0644 root bin
|
||||
f none usr/lib/pkgconfig/libpkcs15init.pc 0644 root bin
|
||||
f none usr/lib/pkgconfig/libscam.pc 0644 root bin
|
||||
f none usr/lib/pkgconfig/libscconf.pc 0644 root bin
|
||||
f none usr/lib/pkgconfig/libscldap.pc 0644 root bin
|
||||
f none usr/lib/libopensc.la 0755 root bin
|
||||
f none usr/lib/libopensc.a 0644 root bin
|
||||
d none usr/lib/pkcs11 0755 root bin
|
||||
|
@ -79,18 +71,9 @@ f none usr/lib/pkcs11/pkcs11-spy.la 0755 root bin
|
|||
f none usr/lib/pkcs11/pkcs11-spy.a 0644 root bin
|
||||
f none usr/lib/libpkcs15init.so.0.0.9 0755 root bin
|
||||
s none usr/lib/libpkcs15init.so.0=libpkcs15init.so.0.0.9
|
||||
s none usr/lib/libscam.so=libscam.so.0.0.9
|
||||
s none usr/lib/libpkcs15init.so=libpkcs15init.so.0.0.9
|
||||
f none usr/lib/libpkcs15init.la 0755 root bin
|
||||
f none usr/lib/libpkcs15init.a 0644 root bin
|
||||
s none usr/lib/libscam.so.0=libscam.so.0.0.9
|
||||
f none usr/lib/libscam.so.0.0.9 0755 root bin
|
||||
d none usr/lib/security 0755 root bin
|
||||
f none usr/lib/security/pam_opensc.so 0755 root bin
|
||||
f none usr/lib/security/pam_opensc.la 0755 root bin
|
||||
f none usr/lib/security/pam_opensc.a 0644 root bin
|
||||
f none usr/lib/libscam.la 0755 root bin
|
||||
f none usr/lib/libscam.a 0644 root bin
|
||||
d none usr/lib/opensc 0755 root bin
|
||||
f none usr/lib/opensc/engine_opensc.so 0755 root bin
|
||||
f none usr/lib/opensc/engine_opensc.la 0755 root bin
|
||||
|
@ -107,7 +90,6 @@ f none usr/include/opensc/rsaref/pkcs11t.h 0644 root bin
|
|||
f none usr/include/opensc/rsaref/unix.h 0644 root bin
|
||||
f none usr/include/opensc/rsaref/win32.h 0644 root bin
|
||||
f none usr/include/opensc/scconf.h 0644 root bin
|
||||
f none usr/include/opensc/scldap.h 0644 root bin
|
||||
f none usr/include/opensc/opensc.h 0644 root bin
|
||||
f none usr/include/opensc/pkcs15.h 0644 root bin
|
||||
f none usr/include/opensc/emv.h 0644 root bin
|
||||
|
|
Loading…
Reference in New Issue