Huie-Ying Lee wrote:
> Hi,
>
>
> I'm a Solaris engineer at Sun Micros. We have been working on porting the
> OpenSC/pam_pkcs11 module, version 0.6.0, to Solaris. During the porting, I
> encountered a couple of build issues and I would appreciate it if you can help
> me with them.
>
> Q1: According to the configure.in file, the default value of the "--with-nss"
> option is "No". In my build, I am pretty sure that it was not built with NSS
> on, because the output of build indicated there was no NSS support as below.
>
> ---------------------------------
> Debugging: yes
> DocBook support: yes
> PC/SC support: no
> CURL support: no
> LDAP support: yes
> NSS support: no
> OPENSSL support: yes
> ---------------------------------
>
> However, the resulting module is linked with the NSS libraries.
>
> -----------------------------------------------
> $ldd pam_pkcs11.so
> ....
> libnspr4.so => /usr/lib/mps/libnspr4.so
> libplc4.so => /usr/lib/mps/libplc4.so
> libnss3.so => /usr/lib/mps/libnss3.so
What other libraries are included? Could it be that the Solaris ldap which uses
nss is included?
ldd libldap.so
on Solaris 10 shows it uses /usr/lib/mps/libnss3.so
> ------------------------------------------------
>
> Any hint about the reason that these NSS libraries are linked with
> pam_pkcs11.so ? How can I get rid of them ?
Use OpenLDAP built on OpenSSL :-)
>
>
> Q2: To meet the Solaris file location convention, I changed the default
> location of the pam_pkcs11.conf file in the pam_config.c file. To reserve
> the original code, I used CPP "#ifdef" to differentiate the new code from the
> original code.
> For example, pam_config.c file,
>
> -----------------------------------------------------------------------------------
> struct configuration_st configuration = {
> "/etc/pam_pkcs11/pam_pkcs11.conf", /* char * config_file; */
> NULL, /* scconf_context *ctx; */
> -----------------------------------------------------------------------------------
>
A better way to do this would be to make the path a define, and change configure.in
to add it to the config.h
> I changed the above code to the code below and added the -DSUN_SOLARIS flag
> to the Makefile.am file.
>
> -------------------------------------------------------------------------------------
> struct configuration_st configuration = {
> #ifdef SUN_SOLARIS
> "/etc/security/pam_pkcs11/pam_pkcs11.conf",
> #else
> "/etc/pam_pkcs11/pam_pkcs11.conf", /* char * config_file; */
> #endif
> NULL, /* scconf_context *ctx; */
> -------------------------------------------------------------------------------------
>
> However, the resulting file still picked up the original line. It seems that
> the generated Makefile file doesn't recognize the new "SUN_SOLARIS" flag.
> Currently, I worked around this problem, but I would like to know which file
> that I should update so that the "-DSUN_SOLARIS" will be recognized.
>
Did you run the ./bootstrap after updating the Makefile.am?
>
> Q3: For the NLS support, I found that the only file that has the gettext
> support is the pam_pkcs11.c file which is part of the pam_pkcs11 module. All
> the utility commands under the src/tools directory currently do not have the
> NLS support. Is this correct ?
>
>
> Note that in order to make it work on Solaris, I also made a design change to
> resolve an incompatibility problem between the pam_pkcs11 module and the
> Solaris Cryptographic framework, a PKCS#11 implementation. I will explain
> this problem and my changes in a separate email later.
>
Are you also working with the Kerberos groups at Sun who are looking at pam_krb5
with PKINIT?
In many environments, this is a better way to use smartcards for logon. You
not only log in to the local machine, you log in to the realm/domain...
>
> Thanks,
> Huie-Ying
> _______________________________________________
> opensc-devel mailing list
> [email protected]
> http://www.opensc-project.org/mailman/listinfo/opensc-devel
>
>
--
Douglas E. Engert <[EMAIL PROTECTED]>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
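
The reply's hint for Q1, that libldap rather than pam_pkcs11 itself may be what pulls in NSS, can be checked by comparing the module's own NEEDED entries with the ldd closure of each dependency. This is an added example, not part of the original thread or the pam_pkcs11 sources; it assumes GNU `readelf -d` output, and the function names, the DYN_CMD/LDD_CMD variables and the sample data are constructed for illustration.

```shell
#!/bin/sh
# ldd prints the whole transitive closure, so libnss3.so is listed for
# pam_pkcs11.so even when only one of its direct dependencies needs it.
# Assumption: GNU `readelf -d` output format for the NEEDED entries.
# DYN_CMD and LDD_CMD are hypothetical knobs so other tools can be swapped in.
: "${DYN_CMD:=readelf -d}"
: "${LDD_CMD:=ldd}"

# Sonames the object $1 itself asks for (its NEEDED entries).
direct_needed() {
    $DYN_CMD "$1" | sed -n 's/.*(NEEDED).*\[\(.*\)].*/\1/p'
}

# Resolved path of soname $2 as seen from object $1.
resolve() {
    $LDD_CMD "$1" | awk -v s="$2" '$1 == s && $2 == "=>" { print $3; exit }'
}

# Direct dependencies of $1 whose own closure contains library pattern $2.
carriers() {
    for so in $(direct_needed "$1"); do
        p=$(resolve "$1" "$so")
        [ -n "$p" ] || continue
        if $LDD_CMD "$p" | grep -q "$2"; then echo "$so"; fi
    done
}

# --- Constructed sample data, not captured from a real system ---
sample_dyn() {
    printf ' 0x1 (NEEDED) Shared library: [%s]\n' libldap.so.5 libcrypto.so.0.9.7 libc.so.1
}
sample_ldd() {
    case $1 in
    pam_pkcs11.so) cat <<'EOF'
    libldap.so.5 => /usr/lib/libldap.so.5
    libcrypto.so.0.9.7 => /usr/sfw/lib/libcrypto.so.0.9.7
    libc.so.1 => /lib/libc.so.1
    libnss3.so => /usr/lib/mps/libnss3.so
EOF
    ;;
    /usr/lib/libldap.so.5) echo '    libnss3.so => /usr/lib/mps/libnss3.so' ;;
    *) echo '    libc.so.1 => /lib/libc.so.1' ;;
    esac
}

# Run the check against the constructed data (subshell keeps the overrides local).
demo() (
    DYN_CMD=sample_dyn; LDD_CMD=sample_ldd
    carriers pam_pkcs11.so 'libnss3\.so'
)
demo
```

On a real system, call `carriers /path/to/pam_pkcs11.so 'libnss3\.so'` with the default commands; an empty result means the module requests NSS directly rather than through a dependency.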