Welcome to pam_p11

Pam_p11 is a plugable authentication module (pam) package for using crpytographic tokens such as smart cards and usb crypto tokens for authentication.

Pam_p11 uses libp11 to access any PKCS#11 module. It should be compatible with any implementation, but it is primarely developed using OpenSC.

Pam_p11 implements two authentication modules:

• pam_p11_openssh authenticates the user using his openssh ~/.ssh/authorized_keys file.
• pam_p11_opensc authenticates the user using certificates found in ~/.eid/authorized_certificates. It is compatible with the older opensc "pam_opensc" authentication module (eid mode).

Pam_p11 is very simple, it has no config file, no options other than the PKCS#11 module file, does not know about certificate chains, certificate authorities, revocation lists or OCSP. Perfect for the small installation with no frills.

Pam_p11 was written by an international team and is licensed as Open Source software under the LGPL license.
For a list of all authors and contributers as well as detailed license information see AuthorsAndCredits.

Starting Points

• QuickStart -- How to install pam_p11 and how to use it in your applications.

• MailingLists -- How to contact us.

• ResourcesLinks -- Standards, Documents, etc.
• All changes are listed in the [file:ChangeLog ChangeLog] in the source code or online.