[Bug 165899] Review Request: pam_pkcs11 : PKCS #11 PAM login module
bugzilla at redhat.com
Mon Aug 29 12:17:27 UTC 2005
Summary: Review Request: pam_pkcs11 : PKCS #11 PAM login module
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=165899
------- Additional Comments From ville.skytta at iki.fi 2005-08-29 08:17 EST -------
More findings, this time actually testing the module:
- Path to pam_pkcs11.conf in the pki patch is wrong, should
be /etc/pki/pkcs11, not /etc/pki/pam_pkcs11.
- pam_pkcs11.conf mentions $HOME/.ssh/authorized_keys for the opensc mapper,
that's almost certainly wrong and should probably be
$HOME/.eid/authorized_certificates
- Security: all /etc/pki/pkcs11/*_mappers contain _enabled_ example entries,
they should be commented out or removed.
- Undefined symbols: trying to use the opensc mapper (with debug on) barfs:
[...]
DEBUG:mapper_mgr.c:77: dlopen failed for module: opensc
path: /usr/lib/pam_pkcs11/opensc_mapper.so
Error: /usr/lib/pam_pkcs11/opensc_mapper.so: undefined symbol: is_empty_str
DEBUG:mapper_mgr.c:77: dlopen failed for module: null
path: /usr/lib/pam_pkcs11/null_mapper.so
Error: /usr/lib/pam_pkcs11/null_mapper.so: undefined symbol: mapper_find_user
[...]
- Note: FC-3 doesn't have /etc/pki; you decide whether that matters and
whether to do something about it in this package.
- Cosmetics from comment 3 (feel free to ignore, won't mention these again):
0.5.2-1 changelog still mentions --disable-static being used, but it's not.
Also, the double ownership of the /etc/pki/pkcs11 dir remains in main and
-tools %files.
- /usr/bin/make_hash_link.sh smells a bit too generic IMHO, could consider
moving it e.g. to /etc/pki/pkcs11, you decide.