[Bug 165899] Review Request: pam_pkcs11 : PKCS #11 PAM login module

bugzilla at redhat.com bugzilla at redhat.com
Mon Aug 29 12:17:27 UTC 2005


Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.

Summary: Review Request: pam_pkcs11 : PKCS #11 PAM login module


https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=165899





------- Additional Comments From ville.skytta at iki.fi  2005-08-29 08:17 EST -------
More findings, this time actually testing the module:    
    
- Path to pam_pkcs11.conf in the pki patch is wrong, should     
  be /etc/pki/pkcs11, not /etc/pki/pam_pkcs11.    
    
- pam_pkcs11.conf mentions $HOME/.ssh/authorized_keys for the opensc mapper,    
  that's almost certainly wrong and should probably be     
  $HOME/.eid/authorized_certificates    
    
- Security: all /etc/pki/pkcs11/*_mappers contain _enabled_ example entries,    
  they should be commented out or removed.    
    
- Undefined symbols: trying to use the opensc mapper (with debug on) barfs:    
[...]    
DEBUG:mapper_mgr.c:77: dlopen failed for module:  opensc    
path: /usr/lib/pam_pkcs11/opensc_mapper.so    
Error: /usr/lib/pam_pkcs11/opensc_mapper.so: undefined symbol: is_empty_str    
DEBUG:mapper_mgr.c:77: dlopen failed for module:  null    
path: /usr/lib/pam_pkcs11/null_mapper.so    
Error: /usr/lib/pam_pkcs11/null_mapper.so: undefined symbol: mapper_find_user    
[...]    
    
- Note: FC-3 doesn't have /etc/pki; you decide whether that matters and   
  whether to do something about it in this package.   
    
- Cosmetics from comment 3 (feel free to ignore, won't mention these again):  
  0.5.2-1 changelog still mentions --disable-static being used, but it's not.   
  Also, the double ownership of the /etc/pki/pkcs11 dir remains in main and 
  -tools %files. 
 
- /usr/bin/make_hash_link.sh smells a bit too generic IMHO, could consider
  moving it e.g. to /etc/pki/pkcs11, you decide.

-- 
Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
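
Added example (not part of the original bug comment, and not code from pam_pkcs11 or the package under review): a packaging-time check for the finding above that the mapper files ship with enabled example entries. It assumes that a line is inactive when it is blank or starts with '#', takes the directory as a parameter, and uses the `*_mappers` glob as written in the comment; the sample files and their "key -> user" entries are constructed for the demo.

```shell
#!/bin/sh
# Added example: list active (uncommented) entries in pam_pkcs11 mapper files.
# Assumption: a line is inactive if it is blank or its first non-blank
# character is '#'; anything else is treated as a live mapping entry.

# audit_mappers DIR [GLOB] -> prints "file:lineno:entry" for each active entry.
# Exit status: 0 = nothing active, 1 = active entries found, 2 = bad directory.
audit_mappers() {
    dir=$1
    glob=${2:-*_mappers}                 # glob as written in the review comment
    [ -d "$dir" ] || { echo "audit_mappers: no such directory: $dir" >&2; return 2; }
    found=0
    for f in "$dir"/$glob; do
        [ -f "$f" ] || continue          # an unmatched glob stays literal; skip it
        hits=$(awk '!/^[ \t]*(#|$)/ { printf "%s:%d:%s\n", FILENAME, FNR, $0 }' "$f")
        if [ -n "$hits" ]; then
            printf '%s\n' "$hits"
            found=1
        fi
    done
    return $found
}

# Constructed sample tree standing in for /etc/pki/pkcs11 inside a build root.
make_sample() {
    d=$(mktemp -d)
    cat > "$d/subject_mappers" <<'EOF'
# Example mapping file (constructed sample)
# /C=XX/O=Example/CN=Alice Example -> alice
/C=XX/O=Example/CN=Bob Example -> bob
EOF
    cat > "$d/mail_mappers" <<'EOF'
# all examples commented out

  # carol@example.org -> carol
EOF
    printf '%s\n' "$d"
}

# Demo run: sh thisfile --demo
if [ "${1:-}" = "--demo" ]; then
    sample=$(make_sample)
    audit_mappers "$sample" || echo "active example entries present" >&2
    rm -rf "$sample"
fi
```

Run against the package's build root, a non-zero exit status can be used to fail the build or the review check.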



