Hello, PAM PKCS#11 [1] is a Pluggable Authentication Module (PAM) using a PKCS#11 library (smart card, crypto token, etc.). The purpose is to be able to use a smart card to login to a GNU/Linux system.
With the introduction of OpenSSL 1.1.0 the API has changed and many software, including pam-pkcs#11, need to be updated to use the new API. For example see [2] for a patch for OpenSC. I am the only maintainer of pam-pkcs11 project. I do not use this software myself any more. I do not have the free time (and motivation) to invest in a code change of pam-pkcs11 to support the new OpenSSL API. If nobody volunteers to do this work then: - pam-pkcs11 will not work with OpenSSL 1.1.0 - pam-pkcs11 will be removed from the GNU/Linux distributions - pam-pkcs11 will not be usable any more. A bug [3] has been opened for Debian: "pam-pkcs11: FTBFS with openssl 1.1.0" FTBFS is Fails To Build From Source. When OpenSSL 1.1.0 will be included in Debian pam-pkcs11 will be removed from Debian, unless someone adds support of the new OpenSSL API. If you (or your company) use pam-pkcs11 you should worry about the situation. RedHat provides [4] pam-pkcs11 to its customers. It could be a good idea for RedHat to invest some R&D time to take maintenance of the software to keep its (paying) customers happy. Regards, [1] https://github.com/OpenSC/pam_pkcs11/wiki [2] https://github.com/OpenSC/OpenSC/pull/749/files [3] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=828487 [4] https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Managing_Smart_Cards/enabling-smart-card-login.html -- Dr. Ludovic Rousseau _______________________________________________ Pcsclite-muscle mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pcsclite-muscle
