* Remove PAM_README as it is not valid any more
* Remove dead files from Solaris package script git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@2483 c6295689-39f2-0310-b995-f0e70906c6a9
This commit is contained in:
parent
fc3048f55e
commit
0f0f28107c
|
@ -2,7 +2,7 @@
|
||||||
|
|
||||||
SUBDIRS = . aclocal doc etc macos man src win32
|
SUBDIRS = . aclocal doc etc macos man src win32
|
||||||
|
|
||||||
EXTRA_DIST = ANNOUNCE CodingStyle PAM_README QUICKSTART README \
|
EXTRA_DIST = ANNOUNCE CodingStyle QUICKSTART README \
|
||||||
bootstrap Makefile.mak depcomp \
|
bootstrap Makefile.mak depcomp \
|
||||||
solaris/Makefile solaris/README solaris/checkinstall.in \
|
solaris/Makefile solaris/README solaris/checkinstall.in \
|
||||||
solaris/opensc.conf-dist solaris/pkginfo.in solaris/proto
|
solaris/opensc.conf-dist solaris/pkginfo.in solaris/proto
|
||||||
|
|
54
PAM_README
54
PAM_README
|
@ -1,54 +0,0 @@
|
||||||
Quick start guide to using the pam module
|
|
||||||
=========================================
|
|
||||||
|
|
||||||
The pam module supports two different flavors:
|
|
||||||
a) "eid" - store the certificate for a user in that
|
|
||||||
users home directory in a file called ".eid/authorized_certificates"
|
|
||||||
b) "ldap" - store the certificate for a user in a central ldap
|
|
||||||
repository
|
|
||||||
|
|
||||||
This guide only deals with flavor a). If you want to add documentation
|
|
||||||
on using pam with ldap, please send a patch to the opensc-devel mailing
|
|
||||||
list. See also the PAM section in the OpenSC HTML docs.
|
|
||||||
|
|
||||||
First initialize the token, create a user with a pin, create a key
|
|
||||||
and create a certificate, all as documented in the QUICKSTART file.
|
|
||||||
|
|
||||||
|
|
||||||
The first thing is to copy the opensc pam module to the right location.
|
|
||||||
Pam modules are searched for in the directory /lib/security/.
|
|
||||||
$ cp /usr/lib/security/pam_opensc.so /lib/security/pam_opensc.so
|
|
||||||
|
|
||||||
Now change one service to use this pam module by default. Keep at least
|
|
||||||
one xterm and/or virtual console open as root, so you can undo any
|
|
||||||
configuration change, in case it does not work.
|
|
||||||
|
|
||||||
Edit for example /etc/pam.d/login and replace
|
|
||||||
auth required pam_unix.so nullok
|
|
||||||
with
|
|
||||||
auth required pam_opensc.so
|
|
||||||
|
|
||||||
If you want to use opensc first, and fall back on normal password based
|
|
||||||
authentication, you could use these two lines:
|
|
||||||
auth sufficient pam_opensc.so
|
|
||||||
auth required pam_unix.so nullok
|
|
||||||
|
|
||||||
Note the first line is marked as "sufficient", so successful smart card
|
|
||||||
authentication will let a user in. If both lines read "required", a user
|
|
||||||
would have to use a smart card with the right key and certificate on it,
|
|
||||||
enter the right pin *AND* have the right password for the normal login
|
|
||||||
procedure.
|
|
||||||
|
|
||||||
Now every user needs to create a directory ".eid" in his or her home
|
|
||||||
directory and put the certificate in a file called "authorized_certificates".
|
|
||||||
To do this, enter the command (beware, this will overwrite the file):
|
|
||||||
$ pkcs15-tool -r 45 -o ~/.eid/authorized_certificates
|
|
||||||
|
|
||||||
Now try to login using the smart card. Remember to first insert your
|
|
||||||
smart card into the reader, then enter your username, and then the
|
|
||||||
pin on your key.
|
|
||||||
|
|
||||||
As of OpenSC version 0.9.2, ~/.eid/authorized_certificates can contain
|
|
||||||
multiple certificates. To use multiple certificates there, simply
|
|
||||||
concatenate them, for example like
|
|
||||||
$ pkcs15-tool -r 45 >> ~/.eid/authorized_certificates
|
|
|
@ -33,7 +33,6 @@ f none usr/share/man/man7/opensc.7 0644 root other
|
||||||
f none usr/share/man/man7/pkcs15.7 0644 root other
|
f none usr/share/man/man7/pkcs15.7 0644 root other
|
||||||
d none usr/share/opensc 0755 root other
|
d none usr/share/opensc 0755 root other
|
||||||
f none usr/share/opensc/opensc.conf.example 0644 root other
|
f none usr/share/opensc/opensc.conf.example 0644 root other
|
||||||
f none usr/share/opensc/scldap.conf.example 0644 root other
|
|
||||||
f none usr/share/opensc/cyberflex.profile 0644 root other
|
f none usr/share/opensc/cyberflex.profile 0644 root other
|
||||||
f none usr/share/opensc/flex.profile 0644 root other
|
f none usr/share/opensc/flex.profile 0644 root other
|
||||||
f none usr/share/opensc/gpk.profile 0644 root other
|
f none usr/share/opensc/gpk.profile 0644 root other
|
||||||
|
@ -47,22 +46,15 @@ d none usr/lib 0755 root bin
|
||||||
s none usr/lib/libscconf.so.0=libscconf.so.0.0.9
|
s none usr/lib/libscconf.so.0=libscconf.so.0.0.9
|
||||||
f none usr/lib/libscconf.so.0.0.9 0755 root bin
|
f none usr/lib/libscconf.so.0.0.9 0755 root bin
|
||||||
s none usr/lib/libscconf.so=libscconf.so.0.0.9
|
s none usr/lib/libscconf.so=libscconf.so.0.0.9
|
||||||
s none usr/lib/libscldap.so.0=libscldap.so.0.0.9
|
|
||||||
f none usr/lib/libscconf.la 0755 root bin
|
f none usr/lib/libscconf.la 0755 root bin
|
||||||
f none usr/lib/libscconf.a 0644 root bin
|
f none usr/lib/libscconf.a 0644 root bin
|
||||||
f none usr/lib/libscldap.so.0.0.9 0755 root bin
|
|
||||||
s none usr/lib/libscldap.so=libscldap.so.0.0.9
|
|
||||||
s none usr/lib/libopensc.so.0=libopensc.so.0.0.9
|
s none usr/lib/libopensc.so.0=libopensc.so.0.0.9
|
||||||
f none usr/lib/libscldap.la 0755 root bin
|
|
||||||
f none usr/lib/libscldap.a 0644 root bin
|
|
||||||
f none usr/lib/libopensc.so.0.0.9 0755 root bin
|
f none usr/lib/libopensc.so.0.0.9 0755 root bin
|
||||||
s none usr/lib/libopensc.so=libopensc.so.0.0.9
|
s none usr/lib/libopensc.so=libopensc.so.0.0.9
|
||||||
d none usr/lib/pkgconfig 0755 root bin
|
d none usr/lib/pkgconfig 0755 root bin
|
||||||
f none usr/lib/pkgconfig/libopensc.pc 0644 root bin
|
f none usr/lib/pkgconfig/libopensc.pc 0644 root bin
|
||||||
f none usr/lib/pkgconfig/libpkcs15init.pc 0644 root bin
|
f none usr/lib/pkgconfig/libpkcs15init.pc 0644 root bin
|
||||||
f none usr/lib/pkgconfig/libscam.pc 0644 root bin
|
|
||||||
f none usr/lib/pkgconfig/libscconf.pc 0644 root bin
|
f none usr/lib/pkgconfig/libscconf.pc 0644 root bin
|
||||||
f none usr/lib/pkgconfig/libscldap.pc 0644 root bin
|
|
||||||
f none usr/lib/libopensc.la 0755 root bin
|
f none usr/lib/libopensc.la 0755 root bin
|
||||||
f none usr/lib/libopensc.a 0644 root bin
|
f none usr/lib/libopensc.a 0644 root bin
|
||||||
d none usr/lib/pkcs11 0755 root bin
|
d none usr/lib/pkcs11 0755 root bin
|
||||||
|
@ -79,18 +71,9 @@ f none usr/lib/pkcs11/pkcs11-spy.la 0755 root bin
|
||||||
f none usr/lib/pkcs11/pkcs11-spy.a 0644 root bin
|
f none usr/lib/pkcs11/pkcs11-spy.a 0644 root bin
|
||||||
f none usr/lib/libpkcs15init.so.0.0.9 0755 root bin
|
f none usr/lib/libpkcs15init.so.0.0.9 0755 root bin
|
||||||
s none usr/lib/libpkcs15init.so.0=libpkcs15init.so.0.0.9
|
s none usr/lib/libpkcs15init.so.0=libpkcs15init.so.0.0.9
|
||||||
s none usr/lib/libscam.so=libscam.so.0.0.9
|
|
||||||
s none usr/lib/libpkcs15init.so=libpkcs15init.so.0.0.9
|
s none usr/lib/libpkcs15init.so=libpkcs15init.so.0.0.9
|
||||||
f none usr/lib/libpkcs15init.la 0755 root bin
|
f none usr/lib/libpkcs15init.la 0755 root bin
|
||||||
f none usr/lib/libpkcs15init.a 0644 root bin
|
f none usr/lib/libpkcs15init.a 0644 root bin
|
||||||
s none usr/lib/libscam.so.0=libscam.so.0.0.9
|
|
||||||
f none usr/lib/libscam.so.0.0.9 0755 root bin
|
|
||||||
d none usr/lib/security 0755 root bin
|
|
||||||
f none usr/lib/security/pam_opensc.so 0755 root bin
|
|
||||||
f none usr/lib/security/pam_opensc.la 0755 root bin
|
|
||||||
f none usr/lib/security/pam_opensc.a 0644 root bin
|
|
||||||
f none usr/lib/libscam.la 0755 root bin
|
|
||||||
f none usr/lib/libscam.a 0644 root bin
|
|
||||||
d none usr/lib/opensc 0755 root bin
|
d none usr/lib/opensc 0755 root bin
|
||||||
f none usr/lib/opensc/engine_opensc.so 0755 root bin
|
f none usr/lib/opensc/engine_opensc.so 0755 root bin
|
||||||
f none usr/lib/opensc/engine_opensc.la 0755 root bin
|
f none usr/lib/opensc/engine_opensc.la 0755 root bin
|
||||||
|
@ -107,7 +90,6 @@ f none usr/include/opensc/rsaref/pkcs11t.h 0644 root bin
|
||||||
f none usr/include/opensc/rsaref/unix.h 0644 root bin
|
f none usr/include/opensc/rsaref/unix.h 0644 root bin
|
||||||
f none usr/include/opensc/rsaref/win32.h 0644 root bin
|
f none usr/include/opensc/rsaref/win32.h 0644 root bin
|
||||||
f none usr/include/opensc/scconf.h 0644 root bin
|
f none usr/include/opensc/scconf.h 0644 root bin
|
||||||
f none usr/include/opensc/scldap.h 0644 root bin
|
|
||||||
f none usr/include/opensc/opensc.h 0644 root bin
|
f none usr/include/opensc/opensc.h 0644 root bin
|
||||||
f none usr/include/opensc/pkcs15.h 0644 root bin
|
f none usr/include/opensc/pkcs15.h 0644 root bin
|
||||||
f none usr/include/opensc/emv.h 0644 root bin
|
f none usr/include/opensc/emv.h 0644 root bin
|
||||||
|
|
Loading…
Reference in New Issue