GNU/Linux uses PAM (Pluggable Authentication Modules) to authenticate using a variety of methods.
PAM is installed on every workstation. For details, see the PAM documentation: The Linux-PAM System Administrators' Guide.
PAM-PKCS11 is an OpenSC project designed for authentication using smart cards and X.509 certificates. For more information, visit the OpenSC PAM-PKCS11 page: http://www.opensc-project.org/pam_pkcs11/
PAM-PKCS11 offers the following features:
- Verification of X.509 certificates against locally stored certificates.
- Verification of X.509 certificates against Certification Authorities.
- Certificate Revocation List (CRL).
- Automatic and custom mapping rules from X.509 certificates to users.
- Tools to handle the screen saver when the card is removed or inserted.
- Tools to inspect the content of certificates.
In a production environment, PAM-PKCS11 should be preferred over PAM-P11 as it offers more features, including certificate verification and revocation. For users who need to manage simple access, read our tutorial GNU/Linux smart card logon using PAM-P11.




