pam_p11 - simple RSA authentication with PKCS#11 modules
Pam_p11 is a plugable authentication module ( PAM) package for using crpytographic PKCS#11 tokens such as smart cards and usb crypto tokens for local authentication.
Pam_p11 uses libp11 to access any PKCS#11 module but it is primarily developed for and tested with OpenSC PKCS#11.
Pam_p11 implements two authentication modules:
- pam_p11_openssh authenticates the user against public keys found in OpenSSH ~/.ssh/authorized_keys file.
- pam_p11_opensc authenticates the user against certificates found in ~/.eid/authorized_certificates. It is compatible with the older opensc "pam_opensc" authentication module (eid mode).
Pam_p11 is very simple, it has no config file, no options other than the PKCS#11 module file, does not know about certificate chains, certificate authorities, revocation lists or OCSP. Perfect for the small installation with no frills.
Pam_p11 was written by an international team and is licensed as Open Source software under the LGPL license.