Red Hat Training

A Red Hat training course is available for Red Hat Enterprise Linux

8.165. pam_pkcs11

Updated pam_pkcs11 packages that fix two bugs are now available for red Hat Enterprise Linux 6.
The pam_pkcs11 package allows X.509 certificate-based user authentication. It provides access to the certificate and its dedicated private key with an appropriate Public Key Cryptographic Standards #11 (PKCS#11) module.

Bug Fixes

The pam_pkcs11 utility generated an incorrect Lightweight Directory Access Protocol (LDAP) URL when attempting to connect to port 636. As a consequence, the connection to that port failed. This update applies a patch to address this bug, and pam_pkcs11 now generates correct LDAP URL in the described scenario.
After adding the coolkey module manually using the full path by running the "modutil -add "CoolKey PKCS #11 Module" -dbdir /etc/pki/nssdb -libfile /usr/lib64/pkcs11/" command, an attempt to log in using a smart card failed. The underlying source code has been modified to fix this bug and the user is now able to log in using the smart cards as expected.
Users of pam_pkcs11 are advised to upgrade to these updated packages, which fix these bugs.