small configure improvements, documentation updates.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@1873 c6295689-39f2-0310-b995-f0e70906c6a9
parent
939d3a7406
commit
3534e4e7e2
21
ANNOUNCE
|
@ -1,9 +1,9 @@
|
|||
|
||||
|
||||
OpenSC Release 0.8.1
|
||||
OpenSC Release 0.9.2
|
||||
====================
|
||||
|
||||
We are pleased to announce the availability of OpenSC 0.8.1.
|
||||
We are pleased to announce the availability of OpenSC 0.9.2.
|
||||
This is a beta version, intended for testing. Please be careful
|
||||
and do not use this software on production machines.
|
||||
|
||||
OpenSC provides a set of libraries and utilities to access smart
|
||||
cards. Its main focus is on cards that support cryptographic operations,
|
||||
|
@ -15,7 +15,8 @@ OpenSC can be used with the following applications and libraries:
|
|||
- Netscape Communicator and Mozilla (through its PKCS#11 module),
|
||||
for secure email (S/MIME) and SSL authentication
|
||||
- OpenSSH, for user authentication
|
||||
- FreeSWAN, for authentication and key management
|
||||
- FreeSWAN, StrongSWAN and OpenSWAN,
|
||||
for authentication and key management
|
||||
- OpenSSL, for key and certificate storage, key generation and
|
||||
signing of certificate requests
|
||||
- GNUpg 1.9 (experimental), for key storage
|
||||
|
@ -38,16 +39,16 @@ The following card operating systems are supported at the moment (where
|
|||
read-only means that personalized cards can be used, but OpenSC does not
|
||||
provide personalization support for these).
|
||||
|
||||
- Gemplus GPK cards (except Gemsafe)
|
||||
- Schlumberger Cryptoflex
|
||||
- CardOS/M4 (Aladdin eToken PRO, etc)
|
||||
- Starcos SPK (read-only)
|
||||
- Micardo (read-only)
|
||||
- Schlumberger/Axalto Cryptoflex and Cyberflex
|
||||
- IBM JCOP
|
||||
- Starcos SPK
|
||||
- Oberthur AuthentIC v5
|
||||
- Estonian ID card (read-only)
|
||||
- MioCOS (read-only)
|
||||
- Setcos (read-only)
|
||||
- TCOS (read-only)
|
||||
|
||||
Note that Java cards are not supported at the moment.
|
||||
|
||||
|
||||
|
||||
|
|
|
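Review bot: the card list in this hunk names "IBM JCOP" and "Cyberflex", both Java Card products, while the same hunk still shows "Note that Java cards are not supported at the moment." If that sentence remains in ANNOUNCE after this change, the file contradicts itself; drop or reword it, and say for each new entry whether support is full or read-only, as the list already does for "Estonian ID card (read-only)". "Starcos SPK" also appears both with and without "(read-only)" and Micardo appears only once; if Starcos gained personalization support and Micardo was dropped, the 0.9.2 NEWS entry should say so, since it mentions only the Oberthur and Estonian additions.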
@ -2,7 +2,7 @@
|
|||
|
||||
SUBDIRS = . aclocal docs etc macos src win32
|
||||
|
||||
EXTRA_DIST = ANNOUNCE CodingStyle QUICKSTART README bootstrap Makefile.mak depcomp
|
||||
EXTRA_DIST = ANNOUNCE CodingStyle PAM_README QUICKSTART README bootstrap Makefile.mak depcomp
|
||||
|
||||
MAINTAINERCLEANFILES = \
|
||||
Makefile.in config.h.in configure \
|
||||
|
|
18
NEWS
|
@ -1,5 +1,23 @@
|
|||
NEWS for OpenSC -- History of user visible changes
|
||||
|
||||
New in 0.9.2; 2004-07-24; Andreas Jellinghaus:
|
||||
* This is an beta test version. Please be careful.
|
||||
Do not use in production environments.
|
||||
* Fix sslengine, link those dynamicaly with libcrypto
|
||||
for openssl 0.9.7d and later.
|
||||
* fixed small bug in pkcs11-tool
|
||||
* link pkcs11-toll and pkcs15-crypt with -lcrypto
|
||||
* New driver for estonian ID card.
|
||||
* bumped version number to opensc 0.9.2
|
||||
* New card supported: Oberthur AuthentIC v5
|
||||
* eid pam module now checks permissions, and supports several
|
||||
certificates in ~/.eid/authorized_certificates
|
||||
Thanks to Fritz Elfert <fritz.elfert@millenux.com>
|
||||
* Upgrade library version to 0.9, since incompatible changes
|
||||
are very likely somewhere.
|
||||
* Merged several pkcs15 profiles into one with different
|
||||
options.
|
||||
|
||||
New in 0.8.1; 2003-09-30; Olaf Kirch:
|
||||
* Upgrade libopensc versioning, hasn't been
|
||||
accidently upgraded since 0.6.0 release
|
||||
|
|
|
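Review bot: the NEWS line "eid pam module now checks permissions" describes a security-relevant behaviour change without saying what is checked. State which file or directory is examined and which ownership or mode is rejected, because existing users of ~/.eid/authorized_certificates may find card login refused after upgrading with no hint why. Smaller points in the same entry: "pkcs11-toll" should be "pkcs11-tool", "dynamicaly" should be "dynamically", "an beta" should be "a beta", and "Upgrade library version to 0.9" sits next to "bumped version number to opensc 0.9.2" without making clear which version each line refers to.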
@ -0,0 +1,51 @@
|
|||
Quick start guide to using the pam module
|
||||
=========================================
|
||||
|
||||
The pam module supports two different flavors:
|
||||
a) "eid" - store the certificate for a user in that
|
||||
users home directory in a file called ".eid/authorized_certificates"
|
||||
b) "ldap" - store the certificate for a user in a central ldap
|
||||
repository
|
||||
|
||||
This guide only deals with flavor a). If you want to add documentation
|
||||
on using pam with ldap, please send a patch to the opensc-devel mailing
|
||||
list.
|
||||
|
||||
First initialize the token, create a user with a pin, create a key
|
||||
and create a certificate, all as documented in the QUICKSTART file.
|
||||
|
||||
|
||||
The first thing is to copy the opensc pam module to the right location.
|
||||
Pam modules are searched for in the directory /lib/security/.
|
||||
$ cp /usr/lib/security/pam_opensc.so /lib/security/pam_opensc.so
|
||||
|
||||
Now change one service to use this pam module by default. Keep at least
|
||||
one xterm and/or virtual console open as root, so you can undo any
|
||||
configuration change, in case it does not work.
|
||||
|
||||
Edit for example /etc/pam.d/login and replace
|
||||
auth required pam_unix.so nullok
|
||||
with
|
||||
auth required pam_opensc.so
|
||||
|
||||
If you want to use opensc first, and fall back on normal password based
|
||||
authentication, you could use these two lines:
|
||||
auth sufficient pam_opensc.so
|
||||
auth required pam_unix.so nullok
|
||||
|
||||
Note the first line is marked as "sufficient", so successful smart card
|
||||
authentication will let a user in. If both lines read "required", a user
|
||||
would have to use a smart card with the right key and certificate on it,
|
||||
enter the right pin *AND* have the right passwort for the normal login
|
||||
procedure.
|
||||
|
||||
Now every user needs to create a directory ".eid" in his or her home
|
||||
directory and put the certificate in a file called "authorized_certificates".
|
||||
To do this, enter the command
|
||||
$ pkcs15-tool -r 45 -o ~/.eid/authorized_certificates
|
||||
|
||||
Now try to login using the smart card. Remember to first insert your
|
||||
smart card into the reader, then enter your username, and then the
|
||||
pin on your key.
|
||||
|
||||
|
|
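Review bot: the last step, "pkcs15-tool -r 45 -o ~/.eid/authorized_certificates", assumes ~/.eid already exists and says nothing about the permissions that the NEWS entry in this same commit says the eid module now checks. Add the directory creation as an explicit command and document the ownership and mode the module expects, otherwise a reader who follows the guide literally can end up with a file the module refuses. The fallback example also deserves one more sentence: with "auth sufficient pam_opensc.so" followed by "auth required pam_unix.so nullok", the card is an alternative to the password rather than a second factor, and "nullok" still admits accounts with an empty password, so readers who want the card to be mandatory need to be pointed at the "required" variant. Minor: the cp into /lib/security/ is shown with a "$" prompt although it needs root, "-r 45" relies on the certificate ID used in QUICKSTART and should say so, and "passwort" should be "password".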
@ -3,9 +3,9 @@ A quick installation guide to opensc
|
|||
|
||||
To install opensc, please do as user,
|
||||
|
||||
$ wget http://www.opensc.org/files/opensc-0.9.1.tar.gz
|
||||
$ tar xfvz opensc-0.9.1.tar.gz
|
||||
$ cd opensc-0.9.1
|
||||
$ wget http://www.opensc.org/files/opensc-0.9.2.tar.gz
|
||||
$ tar xfvz opensc-0.9.2.tar.gz
|
||||
$ cd opensc-0.9.2
|
||||
|
||||
nothing special so far.
|
||||
|
||||
|
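Review bot: the download step "wget http://www.opensc.org/files/opensc-0.9.2.tar.gz" fetches the release over plain http and is followed directly by unpacking, with no integrity check. For software that handles PINs and private keys, publish a checksum or detached signature next to the tarball and add a verification command between the wget and tar lines. The version is also hard-coded in three places in this hunk, so each release needs the same edit; a sentence telling readers to substitute the current version would reduce that.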
@ -212,7 +212,7 @@ line. I usualy copy&paste the command, to make sure I don't mistype
|
|||
anything. This command loads the opensc engine, so openssl can delegate
|
||||
some work from your computers cpu to the smart card.
|
||||
|
||||
OpenSSL> req -engine pkcs11 -new -key slot_1-id_45 -keyform engine -out req.pem -text -x509
|
||||
OpenSSL> req -engine pkcs11 -new -key id_45 -keyform engine -out req.pem -text -x509
|
||||
SmartCard PIN:
|
||||
You are about to be asked to enter information that will be incorporated
|
||||
into your certificate request.
|
||||
|
|
|
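Review bot: the key argument changes from "slot_1-id_45" to "id_45" but the surrounding text does not explain the key ID syntax or what happens now that the slot is no longer named. Add a sentence on how the engine selects the token when only an ID is given, so a reader with more than one reader or card attached knows which key will sign the request and how to pin a slot if needed. The prose in the same hunk also says the command "loads the opensc engine" while the command line uses "-engine pkcs11"; make the two agree.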
@ -294,6 +294,7 @@ int main(void)
|
|||
|
||||
# latest openssl version with engine
|
||||
# properly integrated?
|
||||
AC_MSG_CHECKING([for openssl version])
|
||||
AC_TRY_RUN(
|
||||
[
|
||||
#include <stdlib.h>
|
||||
|
@ -311,9 +312,11 @@ int main(void)
|
|||
}
|
||||
],
|
||||
[
|
||||
AC_MSG_RESULT("good, 0.9.7d or later")
|
||||
GOOD_OPENSSL=yes
|
||||
],
|
||||
[
|
||||
AC_MSG_RESULT("not so good, 0.9.7d or later woudl be better")
|
||||
GOOD_OPENSSL=no
|
||||
]
|
||||
)
|
||||
|
|
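Review bot: the AC_TRY_RUN call in this hunk has only three arguments (program, success action, failure action), so there is no action for cross-compilation and configure will abort with an error when cross compiling instead of picking a default for GOOD_OPENSSL. Add a fourth argument that sets a conservative value and prints a result. The AC_MSG_RESULT arguments are wrapped in double quotes, which will be printed literally; drop them or use the usual bracket quoting, and fix "woudl" to "would". Since the failure branch only reports "not so good" and sets GOOD_OPENSSL=no, a comment saying what is disabled or changed when the variable is "no" would help whoever reads configure output later.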