/usr/lib/pam_pkcs11/pklogin_finder [debug] [config_file=filename]
pklogin_finder uses the pam_pkcs11 library infrastructure to interactively map a PKCS#11 provided certificate to a user.
pklogin_finder uses the same configuration file and arguments than pam_pkcs11(5) PAM module. It loads defined mapper modules and tries to find a map between found certificates and a user login.
The following options are supported:
Set the configuration file.
The default value is /etc/security/pam_pkcs11/pam_pkcs11.conf.
Enable debugging output.
The default is no debug.
As it uses the same configuration file as pam_pkcs11(5), all of the pam_pkcs11 options are available. Some of these options make no sense in a non-PAM environment, and are therefore ignored. Some mapper options (mapfile, ignorecase) have no effect on certificate contents, and they are ignored as well.
The following exit values are returned:
Successful completion.
pkcs11_inspect prints on stdout the login name and exits.
An error occurred.
A user mapping error was found.
An error occurred.
No user match was found.
The following example runs the pklogin_finder command without any options:
% pkcs11_inspectExample 2 Using pklogin_finder with Options
The following example runs the pkcs_finder command with options:
% pklogin_finder debug config_file=${HOME}/.pam_pkcs11.conf
Juan Antonio Martinez, [email protected]
See attributes(5) for descriptions of the following attributes:
|