diff options
author | ale <ale@FreeBSD.org> | 2006-06-13 01:00:25 +0800 |
---|---|---|
committer | ale <ale@FreeBSD.org> | 2006-06-13 01:00:25 +0800 |
commit | 9be81d4adcca26c92b37fa3373b989cd40ea97c0 (patch) | |
tree | a2e28f4a3db61d423864fe6116623d342afa659e /security | |
parent | f48c3b6ef88ac8e5284ebf01be3a07500ffa5d59 (diff) | |
download | freebsd-ports-gnome-9be81d4adcca26c92b37fa3373b989cd40ea97c0.tar.gz freebsd-ports-gnome-9be81d4adcca26c92b37fa3373b989cd40ea97c0.tar.zst freebsd-ports-gnome-9be81d4adcca26c92b37fa3373b989cd40ea97c0.zip |
Pam_p11 is a plugable authentication module (pam) package
for using crpytographic tokens such as smart cards and
usb crypto tokens for authentication.
Pam_p11 uses libp11 to access any PKCS#11 module.
It should be compatible with any implementation, but it
is primarely developed using OpenSC.
Pam_p11 implements two authentication modules:
* pam_p11_openssh authenticates the user using his
openssh ~/.ssh/authorized_keys file.
* pam_p11_opensc authenticates the user using
certificates found in ~/.eid/authorized_certificates.
Pam_p11 is very simple, it has no config file, no options
other than the PKCS#11 module file, does not know about
certificate chains, certificate authorities, revocation
lists or OCSP. Perfect for the small installation with no
frills.
WWW: http://www.opensc-project.org/pam_p11/
Diffstat (limited to 'security')
-rw-r--r-- | security/Makefile | 1 | ||||
-rw-r--r-- | security/pam_p11/Makefile | 35 | ||||
-rw-r--r-- | security/pam_p11/distinfo | 3 | ||||
-rw-r--r-- | security/pam_p11/files/patch-configure | 20 | ||||
-rw-r--r-- | security/pam_p11/files/patch-src_pam_p11.c | 11 | ||||
-rw-r--r-- | security/pam_p11/files/patch-src_test.c | 11 | ||||
-rw-r--r-- | security/pam_p11/pkg-descr | 24 | ||||
-rw-r--r-- | security/pam_p11/pkg-plist | 3 |
8 files changed, 108 insertions, 0 deletions
diff --git a/security/Makefile b/security/Makefile index 571b034f432f..a2be8fd688bb 100644 --- a/security/Makefile +++ b/security/Makefile @@ -452,6 +452,7 @@ SUBDIR += pam_krb5 SUBDIR += pam_ldap SUBDIR += pam_mkhomedir + SUBDIR += pam_p11 SUBDIR += pam_per_user SUBDIR += pam_pgina SUBDIR += pam_pop3 diff --git a/security/pam_p11/Makefile b/security/pam_p11/Makefile new file mode 100644 index 000000000000..d1b1bed63e0b --- /dev/null +++ b/security/pam_p11/Makefile @@ -0,0 +1,35 @@ +# New ports collection makefile for: pam_p11 +# Date created: 1 Jun 2006 +# Whom: Alex Dupre <ale@FreeBSD.org> +# +# $FreeBSD$ +# + +PORTNAME= pam_p11 +PORTVERSION= 0.1.2 +CATEGORIES= security +MASTER_SITES= http://www.opensc-project.org/files/${PORTNAME}/ + +MAINTAINER= ale@FreeBSD.org +COMMENT= A PAM module using crypto tokens for auth + +LIB_DEPENDS= p11.1:${PORTSDIR}/security/libp11 + +USE_OPENSSL= yes +GNU_CONFIGURE= yes +USE_GNOME= pkgconfig + +CONFIGURE_ENV= OPENSSL_CFLAGS="-I${OPENSSLINC}" \ + OPENSSL_LIBS="-L${OPENSSLLIB} -lssl" + +DOC_FILES= README *.sh *.xsl *.css *.html + +PORTDOCS= * + +.ifndef(NOPORTDOCS) +post-install: + @${MKDIR} ${DOCSDIR} + @(cd ${WRKSRC}/doc && ${CP} -R ${DOC_FILES} ${DOCSDIR}) +.endif + +.include <bsd.port.mk> diff --git a/security/pam_p11/distinfo b/security/pam_p11/distinfo new file mode 100644 index 000000000000..eb7ac06a4b96 --- /dev/null +++ b/security/pam_p11/distinfo @@ -0,0 +1,3 @@ +MD5 (pam_p11-0.1.2.tar.gz) = de550f9d7cf921a7b8e35901e6bbfa25 +SHA256 (pam_p11-0.1.2.tar.gz) = 8e884842865f7f3b54f2aa2f187d781210863c8596b9fca94065bfbd4dc1a8a2 +SIZE (pam_p11-0.1.2.tar.gz) = 313774 diff --git a/security/pam_p11/files/patch-configure b/security/pam_p11/files/patch-configure new file mode 100644 index 000000000000..dc08d1710120 --- /dev/null +++ b/security/pam_p11/files/patch-configure @@ -0,0 +1,20 @@ +--- configure.orig Thu Jun 1 15:05:28 2006 ++++ configure Thu Jun 1 15:07:47 2006 +@@ -20823,7 +20823,7 @@ + (exit $ac_status); }; then + pkg_cv_OPENSSL_CFLAGS=`$PKG_CONFIG --cflags "openssl" 2>/dev/null` + else +- pkg_failed=yes ++ pkg_cv_OPENSSL_CFLAGS=$ac_cv_env_OPENSSL_CFLAGS_value + fi + else + pkg_failed=untried +@@ -20837,7 +20837,7 @@ + (exit $ac_status); }; then + pkg_cv_OPENSSL_LIBS=`$PKG_CONFIG --libs "openssl" 2>/dev/null` + else +- pkg_failed=yes ++ pkg_cv_OPENSSL_LIBS=$ac_cv_env_OPENSSL_LIBS_value + fi + else + pkg_failed=untried diff --git a/security/pam_p11/files/patch-src_pam_p11.c b/security/pam_p11/files/patch-src_pam_p11.c new file mode 100644 index 000000000000..c0bc737fbbf0 --- /dev/null +++ b/security/pam_p11/files/patch-src_pam_p11.c @@ -0,0 +1,11 @@ +--- src/pam_p11.c.orig Sun Jun 11 21:16:46 2006 ++++ src/pam_p11.c Sun Jun 11 21:17:53 2006 +@@ -39,7 +39,7 @@ + #define LOGNAME "pam_p11" /* name for log-file entries */ + + #define RANDOM_SOURCE "/dev/urandom" +-#define RANDOM_SIZE 128 ++#define RANDOM_SIZE 64 + #define MAX_SIGSIZE 256 + + extern int match_user(X509 * x509, const char *login); diff --git a/security/pam_p11/files/patch-src_test.c b/security/pam_p11/files/patch-src_test.c new file mode 100644 index 000000000000..08158257b8d6 --- /dev/null +++ b/security/pam_p11/files/patch-src_test.c @@ -0,0 +1,11 @@ +--- src/test.c.orig Thu Jun 1 15:13:06 2006 ++++ src/test.c Thu Jun 1 15:13:15 2006 +@@ -2,7 +2,7 @@ + #include <stdlib.h> + + #include <security/pam_appl.h> +-#include <security/pam_misc.h> ++#include <security/pam_modules.h> + + int main(int argc, char **argv) + { diff --git a/security/pam_p11/pkg-descr b/security/pam_p11/pkg-descr new file mode 100644 index 000000000000..9865f03da7d0 --- /dev/null +++ b/security/pam_p11/pkg-descr @@ -0,0 +1,24 @@ +Pam_p11 is a plugable authentication module (pam) package +for using crpytographic tokens such as smart cards and +usb crypto tokens for authentication. + +Pam_p11 uses libp11 to access any PKCS#11 module. +It should be compatible with any implementation, but it +is primarely developed using OpenSC. + +Pam_p11 implements two authentication modules: + * pam_p11_openssh authenticates the user using his + openssh ~/.ssh/authorized_keys file. + * pam_p11_opensc authenticates the user using + certificates found in ~/.eid/authorized_certificates. + +Pam_p11 is very simple, it has no config file, no options +other than the PKCS#11 module file, does not know about +certificate chains, certificate authorities, revocation +lists or OCSP. Perfect for the small installation with no +frills. + +WWW: http://www.opensc-project.org/pam_p11/ + +- Alex Dupre +ale@FreeBSD.org diff --git a/security/pam_p11/pkg-plist b/security/pam_p11/pkg-plist new file mode 100644 index 000000000000..c59242f132b4 --- /dev/null +++ b/security/pam_p11/pkg-plist @@ -0,0 +1,3 @@ +lib/security/pam_p11_opensc.so +lib/security/pam_p11_openssh.so +@dirrmtry lib/security |