An updated pam_pkcs11 package that fixes a bug is now available for Red Hat Enterprise Linux 5.
The pam_pkcs11 package allows X.509 certificate-based user authentication. It provides access to the certificate and its dedicated private key with an appropriate Public Key Cryptographic Standards #11 (PKCS#11) module.
The commands "pklogin_finder" and "pkcs11_inspect", both call "pk_configure" with their entire "argv" array. This includes the command name, which is not recognized as a valid option. Consequently, when running pklogin_finder or pkcs11_inspect, unnecessary error messages were written to the system log in the following format:
pkcs11_inspect: argument /usr/bin/pkcs11_inspect is not supported by this module This update applies a patch that improves the code, and the unnecessary error messages are no longer generated.
All users of pam_pkcs11 are advised to upgrade to this updated package, which fixes this bug.