Moved to [[ApplicationSupport|Using-smart-cards-with-applications]]
OpenSC up to 0.9.6 included its own pam module pam_opensc.
This module was removed in OpenSC 0.10.0.
Instead you can use either of these pam modules:
- Pam_p11 is a very simple pam module, perfect for small and simple setups (no ca, no crl, no signature checks,
simply authenticating with the keys you added to a file). Pam_p11 contains two modules: pam_p11_opensc and pam_p11_openssh. - pam_p11_opensc is the successor of the old pam_opensc module (eid mode). simply add certificates in pem format to the .eid/authorized_certificates file and any smart card with a matching certificate and key can login.
- pam_p11_openssh looks at .ssh/authorized_keys format (the well known openssh file), and lets a user login, if he has a smart card with a matching key.
- Pam_PKCS11 is fully featured, it does all those ca checks, can work with ldap, kerberos and other
mechanisms and has many different so called mappers for a very flexible mapping of smart cards to users.