Index: pam_pkcs11-pam_pkcs11-0.6.12/etc/pam_pkcs11.conf.example.in =================================================================== --- pam_pkcs11-pam_pkcs11-0.6.12.orig/etc/pam_pkcs11.conf.example.in +++ pam_pkcs11-pam_pkcs11-0.6.12/etc/pam_pkcs11.conf.example.in @@ -9,7 +9,7 @@ pam_pkcs11 { nullok = true; # Enable debugging support. - debug = true; + debug = false; # Do not prompt the user for the passwords but take them from the # PAM_ items instead. @@ -48,7 +48,12 @@ pam_pkcs11 { screen_savers = xfce4-screensaver, mate-screensaver, gnome-screensaver, kde4-kscreensaver, kscreensaver, xscreensaver; # Filename of the PKCS #11 module. The default value is "default" - use_pkcs11_module = opensc; + use_pkcs11_module = nss; + + pkcs11_module nss { + nss_dir = /etc/pki/nssdb; + crl_policy = none; + } pkcs11_module opensc { module = /usr/lib/opensc-pkcs11.so; @@ -162,7 +167,7 @@ pam_pkcs11 { # If used null mapper should be the last in the list :-) # Also you should select at least one mapper, otherwise # certificate will not match :-) - use_mappers = digest, cn, pwent, uid, mail, subject, null; + use_mappers = ms; # When no absolute path or module info is provided, use this # value as module search path