upstream/oracle/userland-gate: components/pam_pkcs11/files/pam

2008 fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	1	'\" te
6432 e821c64a5943 PSARC/2016/427 PAM_PKCS11 0.6.8 Huie-Ying Lee <huieying.lee@oracle.com> parents: 5029 diff changeset	2	.\" Portions Copyright (c) 2008, 2016, Oracle and/or its affiliates. All rights reserved.
2008 fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	3	.\" This manual page is derived from documentation obtained from the OpenSC organization (www.opensc-project.org). This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. This library is distributed in the hope that it is useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
6731 d80c638073cb PSARC/2016/513 ISA specification for pam_pkcs11.conf Huie-Ying Lee <huieying.lee@oracle.com> parents: 6432 diff changeset	4	.TH pam_pkcs11 7 "30 Aug 2016" "SunOS 5.12" "Standards, Environments, and Macros"
2008 fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	5	.SH NAME
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	6	pam_pkcs11 \- PAM Authentication Module for the PKCS#11 token libraries
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	7	.SH SYNOPSIS
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	8	.LP
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	9	.nf
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	10	\fBpam_pkcs11.so\fR [debug] [config_file=\fIfilename\fR]
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	11	.fi
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	12
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	13	.SH DESCRIPTION
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	14	.sp
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	15	.LP
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	16	The \fBpam_pkcs11\fR module implements \fBpam_sm_authenticate\fR(3PAM), which provides functionality to the PAM authentication stack. This module allows a user to login a system, using a X.509 certificate and its dedicated private key stored in a PKCS#11 token. This module currently supports the RSA algorithm only.
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	17	.sp
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	18	.LP
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	19	To verify the dedicated private key is truly associated with the X.509 certificate, the following verification procedure is performed in this module by default:
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	20	.RS +4
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	21	.TP
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	22	.ie t \(bu
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	23	.el o
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	24	Generate 128 random byte data
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	25	.RE
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	26	.RS +4
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	27	.TP
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	28	.ie t \(bu
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	29	.el o
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	30	Sign the random data with the private key and get a signature. This step is done in the PKCS#11 token.
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	31	.RE
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	32	.RS +4
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	33	.TP
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	34	.ie t \(bu
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	35	.el o
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	36	Verify the signature using the public key extracted from the certificate.
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	37	.RE
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	38	.sp
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	39	.LP
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	40	For the verification of the users' certificates, locally stored CA certificates as well as either online or locally accessible CRLs are used.
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	41	.SS "PAM CONFIGURATION"
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	42	.sp
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	43	.LP
5029 77413b29eb5a 22107485 More Userland component man page normalizations Rich Burridge <rich.burridge@oracle.com> parents: 2008 diff changeset	44	The \fBpam_pkcs11.so\fR service module can be used in the \fB<auth>\fR PAM chain. The program that needs a PAM service should be configured in \fB/etc/pam.conf\fR or \fB/etc/pam.d/\fR\fIservice\fR. For details on how to configure PAM services, see \fBpam.conf\fR(5).
2008 fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	45	.sp
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	46	.LP
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	47	The following example uses only \fBpam_pkcs11\fR for authentication:
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	48	.sp
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	49	.in +2
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	50	.nf
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	51	login auth requisite pam_pkcs11.so.1
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	52	login autho required pam_unix_cred.so.1
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	53	.fi
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	54	.in -2
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	55
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	56	.sp
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	57	.LP
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	58	The following example uses \fBpam_pkcs11\fR for authentication with fallback to standard UNIX authentication:
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	59	.sp
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	60	.in +2
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	61	.nf
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	62	login auth sufficient pam_pkcs11.so.1
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	63	login auth requisite pam_authtok_get.so.1
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	64	login auth required pam_dhkeys.so.1
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	65	login auth required pam_unix_cred.so.1
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	66	login auth required pam_unix_auth.so.1
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	67	.fi
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	68	.in -2
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	69
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	70	.SS "PAM_PKCS11 CONFIGURATION"
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	71	.sp
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	72	.LP
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	73	To configure the \fBpam_pkcs11\fR module, you must have the following information:
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	74	.RS +4
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	75	.TP
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	76	.ie t \(bu
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	77	.el o
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	78	Which PKCS #11 token you are going to use
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	79	.RE
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	80	.RS +4
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	81	.TP
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	82	.ie t \(bu
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	83	.el o
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	84	Which mapper(s) you need, and if needed, how to create and edit the related mapping files
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	85	.RE
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	86	.RS +4
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	87	.TP
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	88	.ie t \(bu
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	89	.el o
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	90	The root Certificate Authority files, and if required, the Certificate Revocation Lists files
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	91	.RE
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	92	.RS +4
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	93	.TP
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	94	.ie t \(bu
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	95	.el o
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	96	The list of authorized users to login, and their corresponding certificates
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	97	.RE
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	98	.sp
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	99	.LP
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	100	To configure the \fBpam_pkcs11\fR module, you need to modify the \fBpam_pkcs11.conf\fR configuration file which is in the \fB/etc/security/pam_pkcs11\fR directory by default. For detailed information on how to configure the \fBpam_pkcs11\fR module, see the \fIPAM-PKCS11 User Manual\fR, available at the \fBhttp://www.opensc-project.org/\fR web site, under the \fBPAM PKCS#11\fR link.
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	101	.sp
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	102	.LP
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	103	The following example illustrates how to configure the \fBpam_pkcs11\fR module for a user whose certificate and private key are stored in the Solaris \fBpkcs11_softtoken\fR keystore. This example uses the default certificate verification policy.
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	104	.RS +4
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	105	.TP
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	106	.ie t \(bu
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	107	.el o
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	108	Set up the PKCS#11 module.
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	109	.sp
6731 d80c638073cb PSARC/2016/513 ISA specification for pam_pkcs11.conf Huie-Ying Lee <huieying.lee@oracle.com> parents: 6432 diff changeset	110	On Solaris, the PKCS#11 module should be set to \fB/usr/lib/$ISA/libpkcs11.so.1\fR, the PKCS#11 Cryptographic Framework library.
2008 fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	111	.RE
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	112	.RS +4
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	113	.TP
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	114	.ie t \(bu
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	115	.el o
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	116	Set up the \fBslot_description\fR entry.
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	117	.sp
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	118	Specifies the slot to be used. For example, \fBslot_description = "Sun Crypto Softtoken"\fR. The default value for this entry is \fBnone\fR which means to use the first slot with an available token.
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	119	.sp
5029 77413b29eb5a 22107485 More Userland component man page normalizations Rich Burridge <rich.burridge@oracle.com> parents: 2008 diff changeset	120	An administrator can use the \fBcryptoadm list -v\fRcommand to find all the available slots and their slot descriptions. For more information, see \fBlibpkcs11\fR(3LIB) and \fBcryptoadm\fR(8).
2008 fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	121	.RE
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	122	.RS +4
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	123	.TP
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	124	.ie t \(bu
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	125	.el o
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	126	Install or create user certificates and its dedicated private keys in the specific PKCS#11 token.
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	127	.RE
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	128	.RS +4
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	129	.TP
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	130	.ie t \(bu
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	131	.el o
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	132	Set up the certificate verification policy (\fBcert_policy\fR). If needed, set up CA certificate and CRL files.
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	133	.sp
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	134	The certificate verification policy includes:
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	135	.RS
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	136
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	137	.sp
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	138	.ne 2
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	139	.mk
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	140	.na
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	141	\fB\fBnone\fR\fR
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	142	.ad
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	143	.RS 13n
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	144	.rt
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	145	Perform no verification
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	146	.RE
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	147
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	148	.sp
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	149	.ne 2
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	150	.mk
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	151	.na
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	152	\fB\fBca\fR\fR
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	153	.ad
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	154	.RS 13n
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	155	.rt
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	156	Perform CA check
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	157	.RE
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	158
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	159	.sp
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	160	.ne 2
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	161	.mk
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	162	.na
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	163	\fB\fBsignature\fR\fR
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	164	.ad
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	165	.RS 13n
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	166	.rt
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	167	Perform a signature check to ensure that private and public key matches
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	168	.RE
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	169
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	170	.sp
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	171	.ne 2
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	172	.mk
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	173	.na
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	174	\fB\fBcrl_\fR\fIxxx\fR\fR
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	175	.ad
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	176	.RS 13n
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	177	.rt
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	178	Perform various certificate revocation checking
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	179	.RE
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	180
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	181	.RE
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	182
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	183	As this example uses the default policy, \fBcert_policy = ca,signature\fR, an administer needs to set up the CA certificates.
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	184	.RS +4
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	185	.TP
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	186	.ie t \(bu
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	187	.el o
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	188	Copy the CA certificate to the \fB/etc/security/pam_pkcs11/cacerts\fR directory.
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	189	.sp
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	190	A certificate that is self-signed is its own CA certificate. Therefore, in this example, the certificate is placed both in the Softtoken keystore and in the CA certificate directory.
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	191	.RE
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	192	.RS +4
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	193	.TP
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	194	.ie t \(bu
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	195	.el o
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	196	Make hash links for CA certificates
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	197	.sp
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	198	.in +2
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	199	.nf
6432 e821c64a5943 PSARC/2016/427 PAM_PKCS11 0.6.8 Huie-Ying Lee <huieying.lee@oracle.com> parents: 5029 diff changeset	200	$ /etc/security/pam_pkcs11/pkcs11_make_hash_link \e
2008 fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	201	/etc/security/pam_pkcs11/cacerts
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	202	.fi
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	203	.in -2
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	204	.sp
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	205
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	206	.RE
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	207	.RE
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	208	.RS +4
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	209	.TP
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	210	.ie t \(bu
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	211	.el o
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	212	Set up the mappers and mapfiles.
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	213	.sp
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	214	When a X509 certificate is provided, there are no direct ways to map a certificate to a login. The \fBpam_pkcs11\fR module provides a configurable way with mappers to specify \fBcert-to-user\fR mapping.
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	215	.sp
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	216	Many mappers are provided by the \fBpam_pkcs11\fR module, for example, the common name (CN) mapper, the digest mapper, the Email mapper, or the LDAP mapper.
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	217	.sp
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	218	A user can configure a mapper list in the \fBpam_pkcs11.conf\fR file. The mappers in the list are used sequentially until the certificate is successfully matched with the user.
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	219	.sp
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	220	The default mapper list is as follows:
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	221	.sp
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	222	.in +2
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	223	.nf
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	224	use_mappers = digest, cn, pwent, uid, mail, subject, null;
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	225	.fi
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	226	.in -2
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	227	.sp
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	228
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	229	Some mappers do not require the specification of a mapfile, for example, the common name mapper. Other mappers require mapfiles, for example, the digest mapper. Some sample mapping files can be found in the \fB/etc/security/pam_pkcs11\fR directory.
6731 d80c638073cb PSARC/2016/513 ISA specification for pam_pkcs11.conf Huie-Ying Lee <huieying.lee@oracle.com> parents: 6432 diff changeset	230	.sp
d80c638073cb PSARC/2016/513 ISA specification for pam_pkcs11.conf Huie-Ying Lee <huieying.lee@oracle.com> parents: 6432 diff changeset	231	.RE
d80c638073cb PSARC/2016/513 ISA specification for pam_pkcs11.conf Huie-Ying Lee <huieying.lee@oracle.com> parents: 6432 diff changeset	232	.RS +4
d80c638073cb PSARC/2016/513 ISA specification for pam_pkcs11.conf Huie-Ying Lee <huieying.lee@oracle.com> parents: 6432 diff changeset	233	The $ISA token in all the module paths is replaced by an implementation defined directory name which defines the path relative to the calling program's instruction set architecture. This allows the pam_pkcs11 module to support both 32 and 64 bit applications co-exist concurrently in the system. For example, for the "module = /usr/lib/$ISA/libpkcs11.so" option, at run time, /usr/lib/64/libpkcs11.so will be loaded for 64 bit applications and /usr/lib/32/libpkcs11.so for 32 bit applications.
2008 fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	234	.RE
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	235	.SH OPTIONS
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	236	.sp
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	237	.LP
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	238	The following options are supported:
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	239	.sp
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	240	.ne 2
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	241	.mk
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	242	.na
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	243	\fB\fBconfig_file=\fIfilename\fR\fR\fR
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	244	.ad
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	245	.RS 24n
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	246	.rt
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	247	Specify the configuration file. The default value is \fB/etc/security/pam_pkcs11/pam_pkcs11.conf\fR.
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	248	.RE
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	249
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	250	.sp
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	251	.ne 2
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	252	.mk
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	253	.na
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	254	\fB\fBdebug\fR\fR
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	255	.ad
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	256	.RS 24n
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	257	.rt
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	258	Enable debugging output.
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	259	.RE
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	260
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	261	.SH FILES
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	262	.sp
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	263	.ne 2
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	264	.mk
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	265	.na
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	266	\fB\fB/usr/lib/security/pam_pkcs11.so\fR\fR
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	267	.ad
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	268	.sp .6
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	269	.RS 4n
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	270	\fBpam_pkcs11\fR module
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	271	.RE
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	272
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	273	.sp
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	274	.ne 2
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	275	.mk
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	276	.na
6731 d80c638073cb PSARC/2016/513 ISA specification for pam_pkcs11.conf Huie-Ying Lee <huieying.lee@oracle.com> parents: 6432 diff changeset	277	\fB\fB/usr/lib/pam_pkcs11/$ISA/ldap_mapper.so\fR\fR
2008 fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	278	.ad
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	279	.sp .6
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	280	.RS 4n
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	281	Mapper module.
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	282	.RE
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	283
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	284	.sp
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	285	.ne 2
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	286	.mk
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	287	.na
6731 d80c638073cb PSARC/2016/513 ISA specification for pam_pkcs11.conf Huie-Ying Lee <huieying.lee@oracle.com> parents: 6432 diff changeset	288	\fB\fB/usr/lib/pam_pkcs11/$ISA/opensc_mapper.so\fR\fR
2008 fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	289	.ad
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	290	.sp .6
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	291	.RS 4n
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	292	Mapper module.
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	293	.RE
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	294
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	295	.sp
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	296	.ne 2
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	297	.mk
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	298	.na
6731 d80c638073cb PSARC/2016/513 ISA specification for pam_pkcs11.conf Huie-Ying Lee <huieying.lee@oracle.com> parents: 6432 diff changeset	299	\fB\fB/usr/lib/pam_pkcs11/$ISA/openssh_mapper.so\fR\fR
2008 fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	300	.ad
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	301	.sp .6
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	302	.RS 4n
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	303	Mapper module.
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	304	.RE
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	305
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	306	.sp
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	307	.ne 2
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	308	.mk
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	309	.na
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	310	\fB\fB/etc/security/pam_pkcs11/pam_pkcs11.conf\fR\fR
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	311	.ad
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	312	.sp .6
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	313	.RS 4n
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	314	Configuration file.
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	315	.RE
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	316
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	317	.sp
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	318	.ne 2
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	319	.mk
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	320	.na
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	321	\fB\fB/etc/security/pam_pkcs11/cacerts\fR\fR
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	322	.ad
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	323	.sp .6
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	324	.RS 4n
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	325	Configuration directory. Stores the CA certificates.
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	326	.RE
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	327
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	328	.sp
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	329	.ne 2
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	330	.mk
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	331	.na
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	332	\fB\fB/etc/security/pam_pkcs11/crls\fR\fR
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	333	.ad
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	334	.sp .6
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	335	.RS 4n
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	336	Configuration directory. Stores the CRL files.
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	337	.RE
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	338
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	339	.sp
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	340	.ne 2
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	341	.mk
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	342	.na
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	343	\fB\fB/etc/security/pam_pkcs11/digest_mapping.example\fR\fR
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	344	.ad
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	345	.sp .6
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	346	.RS 4n
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	347	Sample mapfile.
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	348	.RE
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	349
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	350	.sp
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	351	.ne 2
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	352	.mk
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	353	.na
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	354	\fB\fB/etc/security/pam_pkcs11/subject_mapping.example\fR\fR
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	355	.ad
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	356	.sp .6
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	357	.RS 4n
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	358	Sample mapfile.
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	359	.RE
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	360
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	361	.sp
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	362	.ne 2
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	363	.mk
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	364	.na
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	365	\fB\fB/etc/security/pam_pkcs11/mail_mapping.example\fR\fR
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	366	.ad
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	367	.sp .6
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	368	.RS 4n
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	369	Sample mapfile.
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	370	.RE
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	371
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	372	.sp
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	373	.ne 2
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	374	.mk
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	375	.na
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	376	\fB\fB/etc/security/pam_pkcs11/make_hash_link.sh\fR\fR
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	377	.ad
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	378	.sp .6
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	379	.RS 4n
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	380	Sample script.
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	381	.RE
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	382
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	383	.SH AUTHORS
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	384	.sp
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	385	.LP
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	386	\fBPAM-pkcs11\fR was originally written by MarioStrasser , \[email protected]\fR.
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	387	.sp
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	388	.LP
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	389	Newer versions are from Juan Antonio Martinez, \[email protected]\fR
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	390	.SH ATTRIBUTES
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	391	.sp
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	392	.LP
5029 77413b29eb5a 22107485 More Userland component man page normalizations Rich Burridge <rich.burridge@oracle.com> parents: 2008 diff changeset	393	See \fBattributes\fR(7) for a description of the following attributes:
2008 fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	394	.sp
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	395
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	396	.sp
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	397	.TS
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	398	tab() box;
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	399	cw(2.75i) \|cw(2.75i)
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	400	lw(2.75i) \|lw(2.75i)
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	401	.
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	402	ATTRIBUTE TYPEATTRIBUTE VALUE
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	403	_
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	404	AvailabilityT{
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	405	library/security/pam/module/pam-pkcs11, SUNWpampkcs11r, SUNWpampkcs11-docs
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	406	T}
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	407	_
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	408	Interface StabilityUncommitted
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	409	.TE
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	410
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	411	.SH SEE ALSO
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	412	.sp
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	413	.LP
6432 e821c64a5943 PSARC/2016/427 PAM_PKCS11 0.6.8 Huie-Ying Lee <huieying.lee@oracle.com> parents: 5029 diff changeset	414	\fBcard_eventmgr\fR(1), \fBpkcs11_inspect\fR(1), \fBpklogin_finder\fR(1), \fBcryptoadm\fR(8), \fBlibpkcs11\fR(3LIB)\fBlibpkcs11\fR(3LIB)\fBpam_sm_authenticate\fR(3PAM), \fBpam.conf\fR(5), \fBattributes\fR(7), \fBpkcs11_softtoken\fR(7)
2008 fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	415	.sp
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	416	.LP
fbb3d4972042 18996594 tecla.5, teclarc.5, openssl.5 & pam_pkcs11.5 need to be added to Userland John Beck <John.Beck@Oracle.COM> parents: diff changeset	417	\fIPAM-PKCS11 User Manual\fR, available at the \fBhttp://www.opensc-project.org/\fR web site, under the \fBPAM PKCS#11\fR link.

author	Rich Burridge <rich.burridge@oracle.com>
	Thu, 08 Sep 2016 09:15:40 -0700
changeset 6861	6110892450ff
parent 6731	d80c638073cb
child 7240	66893879cb20
permissions	-rw-r--r--