Angel Yankov
bdc2643c91
* Added pkcs11-eventmgr systemd service unit.
* Updated Russian translations for pam_pkcs11 (thx Max Kosmach and Andrey Cherepanov).
* Fixed possible authentication bypass (CVE-2025-24032):
* Use signatures to verify authentication by default (thx Frank Morgner).
* Fixed possible authentication bypass (CVE-2025-24531):
* Restoring the original card_only / wait_for_card behavior (thx Matthias Gerstner, Frank Morgner).
* Move pam_securetty.so upward in the example PAM config.
* Set 'slot_num' configuration parameter to 0 by default (thx Jpereyra316).
* Print details about configuration parse errors (thx Jpereyra316).
* Add Chinese (Simplified) translation.
* Capitalize all PAM messages (thx Alynx Zhou).
* Made pkcs11_make_hash_link support whitespaces in file names
* Drop 0001-Set-slot_num-configuration-parameter-to-0-by-default.patch
* Drop 0001-memory-leak-fixes.patch
* Rebase pam_pkcs11-0.5.3-nss-conf.patch
* Rebase pam_pkcs11-0.6.0-nss-autoconf.patch
OBS-URL: https://build.opensuse.org/package/show/security:chipcard/pam_pkcs11?expand=0&rev=43
37 lines
1.3 KiB
Diff
37 lines
1.3 KiB
Diff
Index: pam_pkcs11-pam_pkcs11-0.6.13/etc/pam_pkcs11.conf.example.in
|
|
===================================================================
|
|
--- pam_pkcs11-pam_pkcs11-0.6.13.orig/etc/pam_pkcs11.conf.example.in
|
|
+++ pam_pkcs11-pam_pkcs11-0.6.13/etc/pam_pkcs11.conf.example.in
|
|
@@ -9,7 +9,7 @@ pam_pkcs11 {
|
|
nullok = true;
|
|
|
|
# Enable debugging support.
|
|
- debug = true;
|
|
+ debug = false;
|
|
|
|
# Do not prompt the user for the passwords but take them from the
|
|
# PAM_ items instead.
|
|
@@ -48,7 +48,12 @@ pam_pkcs11 {
|
|
screen_savers = xfce4-screensaver, mate-screensaver, gnome-screensaver, kde4-kscreensaver, kscreensaver, xscreensaver;
|
|
|
|
# Filename of the PKCS #11 module. The default value is "default"
|
|
- use_pkcs11_module = opensc;
|
|
+ use_pkcs11_module = nss;
|
|
+
|
|
+ pkcs11_module nss {
|
|
+ nss_dir = /etc/pki/nssdb;
|
|
+ crl_policy = none;
|
|
+ }
|
|
|
|
pkcs11_module opensc {
|
|
module = @libdir@/opensc-pkcs11.so;
|
|
@@ -164,7 +169,7 @@ pam_pkcs11 {
|
|
# If used null mapper should be the last in the list :-)
|
|
# Also you should select at least one mapper, otherwise
|
|
# certificate will not match :-)
|
|
- use_mappers = digest, cn, pwent, uid, mail, subject, null;
|
|
+ use_mappers = ms;
|
|
|
|
# When no absolute path or module info is provided, use this
|
|
# value as module search path
|