diff --git a/Makefile.am b/Makefile.am index a9225586..8259ff7b 100644 --- a/Makefile.am +++ b/Makefile.am @@ -2,7 +2,7 @@ SUBDIRS = . aclocal doc etc macos man src win32 -EXTRA_DIST = ANNOUNCE CodingStyle PAM_README QUICKSTART README \ +EXTRA_DIST = ANNOUNCE CodingStyle QUICKSTART README \ bootstrap Makefile.mak depcomp \ solaris/Makefile solaris/README solaris/checkinstall.in \ solaris/opensc.conf-dist solaris/pkginfo.in solaris/proto diff --git a/PAM_README b/PAM_README deleted file mode 100644 index 01f449dd..00000000 --- a/PAM_README +++ /dev/null @@ -1,54 +0,0 @@ -Quick start guide to using the pam module -========================================= - -The pam module supports two different flavors: -a) "eid" - store the certificate for a user in that - users home directory in a file called ".eid/authorized_certificates" -b) "ldap" - store the certificate for a user in a central ldap - repository - -This guide only deals with flavor a). If you want to add documentation -on using pam with ldap, please send a patch to the opensc-devel mailing -list. See also the PAM section in the OpenSC HTML docs. - -First initialize the token, create a user with a pin, create a key -and create a certificate, all as documented in the QUICKSTART file. - - -The first thing is to copy the opensc pam module to the right location. -Pam modules are searched for in the directory /lib/security/. -$ cp /usr/lib/security/pam_opensc.so /lib/security/pam_opensc.so - -Now change one service to use this pam module by default. Keep at least -one xterm and/or virtual console open as root, so you can undo any -configuration change, in case it does not work. - -Edit for example /etc/pam.d/login and replace -auth required pam_unix.so nullok -with -auth required pam_opensc.so - -If you want to use opensc first, and fall back on normal password based -authentication, you could use these two lines: -auth sufficient pam_opensc.so -auth required pam_unix.so nullok - -Note the first line is marked as "sufficient", so successful smart card -authentication will let a user in. If both lines read "required", a user -would have to use a smart card with the right key and certificate on it, -enter the right pin *AND* have the right password for the normal login -procedure. - -Now every user needs to create a directory ".eid" in his or her home -directory and put the certificate in a file called "authorized_certificates". -To do this, enter the command (beware, this will overwrite the file): -$ pkcs15-tool -r 45 -o ~/.eid/authorized_certificates - -Now try to login using the smart card. Remember to first insert your -smart card into the reader, then enter your username, and then the -pin on your key. - -As of OpenSC version 0.9.2, ~/.eid/authorized_certificates can contain -multiple certificates. To use multiple certificates there, simply -concatenate them, for example like -$ pkcs15-tool -r 45 >> ~/.eid/authorized_certificates diff --git a/solaris/proto b/solaris/proto index afc41fbc..4063003d 100644 --- a/solaris/proto +++ b/solaris/proto @@ -33,7 +33,6 @@ f none usr/share/man/man7/opensc.7 0644 root other f none usr/share/man/man7/pkcs15.7 0644 root other d none usr/share/opensc 0755 root other f none usr/share/opensc/opensc.conf.example 0644 root other -f none usr/share/opensc/scldap.conf.example 0644 root other f none usr/share/opensc/cyberflex.profile 0644 root other f none usr/share/opensc/flex.profile 0644 root other f none usr/share/opensc/gpk.profile 0644 root other @@ -47,22 +46,15 @@ d none usr/lib 0755 root bin s none usr/lib/libscconf.so.0=libscconf.so.0.0.9 f none usr/lib/libscconf.so.0.0.9 0755 root bin s none usr/lib/libscconf.so=libscconf.so.0.0.9 -s none usr/lib/libscldap.so.0=libscldap.so.0.0.9 f none usr/lib/libscconf.la 0755 root bin f none usr/lib/libscconf.a 0644 root bin -f none usr/lib/libscldap.so.0.0.9 0755 root bin -s none usr/lib/libscldap.so=libscldap.so.0.0.9 s none usr/lib/libopensc.so.0=libopensc.so.0.0.9 -f none usr/lib/libscldap.la 0755 root bin -f none usr/lib/libscldap.a 0644 root bin f none usr/lib/libopensc.so.0.0.9 0755 root bin s none usr/lib/libopensc.so=libopensc.so.0.0.9 d none usr/lib/pkgconfig 0755 root bin f none usr/lib/pkgconfig/libopensc.pc 0644 root bin f none usr/lib/pkgconfig/libpkcs15init.pc 0644 root bin -f none usr/lib/pkgconfig/libscam.pc 0644 root bin f none usr/lib/pkgconfig/libscconf.pc 0644 root bin -f none usr/lib/pkgconfig/libscldap.pc 0644 root bin f none usr/lib/libopensc.la 0755 root bin f none usr/lib/libopensc.a 0644 root bin d none usr/lib/pkcs11 0755 root bin @@ -79,18 +71,9 @@ f none usr/lib/pkcs11/pkcs11-spy.la 0755 root bin f none usr/lib/pkcs11/pkcs11-spy.a 0644 root bin f none usr/lib/libpkcs15init.so.0.0.9 0755 root bin s none usr/lib/libpkcs15init.so.0=libpkcs15init.so.0.0.9 -s none usr/lib/libscam.so=libscam.so.0.0.9 s none usr/lib/libpkcs15init.so=libpkcs15init.so.0.0.9 f none usr/lib/libpkcs15init.la 0755 root bin f none usr/lib/libpkcs15init.a 0644 root bin -s none usr/lib/libscam.so.0=libscam.so.0.0.9 -f none usr/lib/libscam.so.0.0.9 0755 root bin -d none usr/lib/security 0755 root bin -f none usr/lib/security/pam_opensc.so 0755 root bin -f none usr/lib/security/pam_opensc.la 0755 root bin -f none usr/lib/security/pam_opensc.a 0644 root bin -f none usr/lib/libscam.la 0755 root bin -f none usr/lib/libscam.a 0644 root bin d none usr/lib/opensc 0755 root bin f none usr/lib/opensc/engine_opensc.so 0755 root bin f none usr/lib/opensc/engine_opensc.la 0755 root bin @@ -107,7 +90,6 @@ f none usr/include/opensc/rsaref/pkcs11t.h 0644 root bin f none usr/include/opensc/rsaref/unix.h 0644 root bin f none usr/include/opensc/rsaref/win32.h 0644 root bin f none usr/include/opensc/scconf.h 0644 root bin -f none usr/include/opensc/scldap.h 0644 root bin f none usr/include/opensc/opensc.h 0644 root bin f none usr/include/opensc/pkcs15.h 0644 root bin f none usr/include/opensc/emv.h 0644 root bin