small configure improvements, documentation updates.

git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@1873 c6295689-39f2-0310-b995-f0e70906c6a9

ANNOUNCE

@@ -1,9 +1,9 @@
-
-
-OpenSC Release 0.8.1
+OpenSC Release 0.9.2
 ====================
 
-We are pleased to announce the availability of OpenSC 0.8.1.
+We are pleased to announce the availability of OpenSC 0.9.2.
+This is a beta version, intended for testing. Please be careful
+and do not use this software on production machines.
 
 OpenSC provides a set of libraries and utilities to access smart
 cards. Its main focus is on cards that support cryptographic operations,
@@ -15,7 +15,8 @@ OpenSC can be used with the following applications and libraries:
  -	Netscape Communicator and Mozilla (through its PKCS#11 module),
  	for secure email (S/MIME) and SSL authentication
  -	OpenSSH, for user authentication
- -	FreeSWAN, for authentication and key management
+ -	FreeSWAN, StrongSWAN and OpenSWAN,
+        for authentication and key management
  -	OpenSSL, for key and certificate storage, key generation and
  	signing of certificate requests
  -	GNUpg 1.9 (experimental), for key storage
@@ -38,16 +39,16 @@ The following card operating systems are supported at the moment (where
 read-only means that personalized cards can be used, but OpenSC does not
 provide personalization support for these).
 
- -	Gemplus GPK cards (except Gemsafe)
- -	Schlumberger Cryptoflex
  -	CardOS/M4 (Aladdin eToken PRO, etc)
- -	Starcos SPK (read-only)
- -	Micardo (read-only)
+ -	Schlumberger/Axalto Cryptoflex and Cyberflex
+ -	IBM JCOP
+ -	Starcos SPK
+ -	Oberthur AuthentIC v5
+ -	Estonian ID card (read-only)
  -	MioCOS (read-only)
  -	Setcos (read-only)
  -	TCOS (read-only)
 
-Note that Java cards are not supported at the moment.
 
 
 

Makefile.am

@@ -2,7 +2,7 @@
 
 SUBDIRS = . aclocal docs etc macos src win32
 
-EXTRA_DIST = ANNOUNCE CodingStyle QUICKSTART README bootstrap Makefile.mak depcomp
+EXTRA_DIST = ANNOUNCE CodingStyle PAM_README QUICKSTART README bootstrap Makefile.mak depcomp
 
 MAINTAINERCLEANFILES = \
 	Makefile.in config.h.in configure \

NEWS

@@ -1,5 +1,23 @@
 NEWS for OpenSC -- History of user visible changes
 
+New in 0.9.2; 2004-07-24; Andreas Jellinghaus:
+* This is an beta test version. Please be careful.
+  Do not use in production environments.
+* Fix sslengine, link those dynamicaly with libcrypto
+  for openssl 0.9.7d and later.
+* fixed small bug in pkcs11-tool
+* link pkcs11-toll and pkcs15-crypt with -lcrypto
+* New driver for estonian ID card.
+* bumped version number to opensc 0.9.2
+* New card supported: Oberthur AuthentIC v5
+* eid pam module now checks permissions, and supports several
+  certificates in ~/.eid/authorized_certificates
+  Thanks to Fritz Elfert <fritz.elfert@millenux.com>
+* Upgrade library version to 0.9, since incompatible changes
+  are very likely somewhere.
+* Merged several pkcs15 profiles into one with different
+  options.
+
 New in 0.8.1; 2003-09-30; Olaf Kirch:
 * Upgrade libopensc versioning, hasn't been
   accidently upgraded since 0.6.0 release

PAM_README

@@ -0,0 +1,51 @@
+Quick start guide to using the pam module
+=========================================
+
+The pam module supports two different flavors:
+a) "eid" - store the certificate for a user in that
+   users home directory in a file called ".eid/authorized_certificates"
+b) "ldap" - store the certificate for a user in a central ldap
+   repository
+
+This guide only deals with flavor a). If you want to add documentation
+on using pam with ldap, please send a patch to the opensc-devel mailing
+list.
+
+First initialize the token, create a user with a pin, create a key
+and create a certificate, all as documented in the QUICKSTART file.
+
+
+The first thing is to copy the opensc pam module to the right location.
+Pam modules are searched for in the directory /lib/security/.
+$ cp /usr/lib/security/pam_opensc.so /lib/security/pam_opensc.so
+
+Now change one service to use this pam module by default. Keep at least
+one xterm and/or virtual console open as root, so you can undo any
+configuration change, in case it does not work.
+
+Edit for example /etc/pam.d/login and replace
+auth       required   pam_unix.so nullok
+with
+auth       required   pam_opensc.so
+
+If you want to use opensc first, and fall back on normal password based
+authentication, you could use these two lines:
+auth       sufficient pam_opensc.so
+auth       required   pam_unix.so nullok
+
+Note the first line is marked as "sufficient", so successful smart card
+authentication will let a user in. If both lines read "required", a user
+would have to use a smart card with the right key and certificate on it,
+enter the right pin *AND* have the right passwort for the normal login
+procedure.
+
+Now every user needs to create a directory ".eid" in his or her home
+directory and put the certificate in a file called "authorized_certificates".
+To do this, enter the command
+$ pkcs15-tool -r 45 -o ~/.eid/authorized_certificates
+
+Now try to login using the smart card. Remember to first insert your
+smart card into the reader, then enter your username, and then the
+pin on your key.
+
+

QUICKSTART

@@ -3,9 +3,9 @@ A quick installation guide to opensc
 
 To install opensc, please do as user,
 
-$ wget http://www.opensc.org/files/opensc-0.9.1.tar.gz
-$ tar xfvz opensc-0.9.1.tar.gz
-$ cd opensc-0.9.1
+$ wget http://www.opensc.org/files/opensc-0.9.2.tar.gz
+$ tar xfvz opensc-0.9.2.tar.gz
+$ cd opensc-0.9.2
 
 nothing special so far.
 
@@ -212,7 +212,7 @@ line. I usualy copy&paste the command, to make sure I don't mistype
 anything. This command loads the opensc engine, so openssl can delegate
 some work from your computers cpu to the smart card.
 
-OpenSSL> req -engine pkcs11 -new -key slot_1-id_45 -keyform engine -out req.pem -text -x509
+OpenSSL> req -engine pkcs11 -new -key id_45 -keyform engine -out req.pem -text -x509
 SmartCard PIN: 
 You are about to be asked to enter information that will be incorporated
 into your certificate request.

configure.in

@@ -294,6 +294,7 @@ int main(void)
 
 		# latest openssl version with engine
 		# properly integrated?
+		AC_MSG_CHECKING([for openssl version])
 		AC_TRY_RUN(
 		[
 #include <stdlib.h>
@@ -311,9 +312,11 @@ int main(void)
 }
 		],
 		[
+			AC_MSG_RESULT("good, 0.9.7d or later")
 			GOOD_OPENSSL=yes
 		],
 		[
+			AC_MSG_RESULT("not so good, 0.9.7d or later woudl be better")
 			GOOD_OPENSSL=no
 		]
 		)