equal
deleted
inserted
replaced
12 |
12 |
13 # Filename of the PKCS #11 module. The default value is "default" |
13 # Filename of the PKCS #11 module. The default value is "default" |
14 use_pkcs11_module = default; |
14 use_pkcs11_module = default; |
15 |
15 |
16 pkcs11_module default { |
16 pkcs11_module default { |
17 module = /usr/lib/64/libpkcs11.so; |
17 module = /usr/lib/$ISA/libpkcs11.so; |
18 description = "Solaris PKCS#11 Cryptographic Framework library"; |
18 description = "Solaris PKCS#11 Cryptographic Framework library"; |
19 |
19 |
20 # Which slot to use? |
20 # Which slot to use? |
21 # You can use "slot_description" or "slot_num", but not both, to specify |
21 # You can use "slot_description" or "slot_num", but not both, to specify |
22 # the slot to use. Using "slot_description" is preferred because the |
22 # the slot to use. Using "slot_description" is preferred because the |
114 |
114 |
115 # When no absolute path or module info is provided, use this |
115 # When no absolute path or module info is provided, use this |
116 # value as module search path |
116 # value as module search path |
117 # TODO: |
117 # TODO: |
118 # This is not still functional: use absolute pathnames or LD_LIBRARY_PATH |
118 # This is not still functional: use absolute pathnames or LD_LIBRARY_PATH |
119 mapper_search_path = /usr/lib/pam_pkcs11/64; |
119 mapper_search_path = /usr/lib/pam_pkcs11/$ISA; |
120 |
120 |
121 # |
121 # |
122 # Generic certificate contents mapper |
122 # Generic certificate contents mapper |
123 mapper generic { |
123 mapper generic { |
124 debug = true; |
124 debug = true; |
143 } |
143 } |
144 |
144 |
145 # Search public keys from $HOME/.ssh/authorized_keys to match users |
145 # Search public keys from $HOME/.ssh/authorized_keys to match users |
146 mapper openssh { |
146 mapper openssh { |
147 debug = false; |
147 debug = false; |
148 module = /usr/lib/pam_pkcs11/openssh_mapper.so; |
148 module = /usr/lib/pam_pkcs11/$ISA/openssh_mapper.so; |
149 } |
149 } |
150 |
150 |
151 # Search certificates from $HOME/.eid/authorized_certificates to match users |
151 # Search certificates from $HOME/.eid/authorized_certificates to match users |
152 mapper opensc { |
152 mapper opensc { |
153 debug = false; |
153 debug = false; |
154 module = /usr/lib/pam_pkcs11/opensc_mapper.so; |
154 module = /usr/lib/pam_pkcs11/$ISA/opensc_mapper.so; |
155 } |
155 } |
156 |
156 |
157 # Certificate Common Name ( CN ) to getpwent() mapper |
157 # Certificate Common Name ( CN ) to getpwent() mapper |
158 mapper pwent { |
158 mapper pwent { |
159 debug = false; |
159 debug = false; |
172 } |
172 } |
173 |
173 |
174 # Directory ( ldap style ) mapper |
174 # Directory ( ldap style ) mapper |
175 mapper ldap { |
175 mapper ldap { |
176 debug = false; |
176 debug = false; |
177 module = /usr/lib/pam_pkcs11/ldap_mapper.so; |
177 module = /usr/lib/pam_pkcs11/$ISA/ldap_mapper.so; |
178 # hostname of ldap server (use LDAP-URI for more then one) |
178 # hostname of ldap server (use LDAP-URI for more then one) |
179 ldaphost = ""; |
179 ldaphost = ""; |
180 # Port on ldap server to connect, this is also the default |
180 # Port on ldap server to connect, this is also the default |
181 # if no port is given in URI below |
181 # if no port is given in URI below |
182 # if empty, then 389 for TLS and 636 for SSL is used |
182 # if empty, then 389 for TLS and 636 for SSL is used |