Menu
▾
▴
Re: [Opensc-devel] Pam-pkcs#11 needs a new maintainer(s) soon, or it will die
|
From: Douglas E E. <dee...@gm...> - 2016-08-22 17:45:05
|
<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Looking at the code, it loos like it is only parsing the certificate
and getting public keys and other values from the certificate.<br>
It does not include rsa.h, but does include bn.h<br>
It looks like it would not take very much effort to use a stripped
down version of the cs-ossl-compat.h from OpenSC
<a class="moz-txt-link-freetext" href="https://github.com/OpenSC/OpenSC/pull/853">https://github.com/OpenSC/OpenSC/pull/853</a><br>
<br>
I don't use it, so someone is still needed to do some testing. <br>
<br>
<br>
<br>
<div class="moz-cite-prefix">On 8/22/2016 4:12 AM, Ludovic Rousseau
wrote:<br>
</div>
<blockquote
cite="mid:CAGstE8AawRSXGOTVgBvg6u0=0PN...@ma..."
type="cite">
<div dir="ltr">
<div>
<div>Hello,<br>
<br>
After 2 months with no volunteer to take care of pam-pkcs#11
I created a new README.md page on the github project to
indicate the project is no more maintained.<br>
<a moz-do-not-send="true"
href="https://github.com/OpenSC/pam_pkcs11/blob/master/README.md">https://github.com/OpenSC/pam_pkcs11/blob/master/README.md</a><br>
<br>
</div>
I will also orphan the Debian package.<br>
I guess the Debian (and Ubuntu) package will be remove once
OpenSSL 1.1.0 is included in Debian and pam-pkcs#11 can't be
rebuild.<br>
<br>
</div>
Regards,<br>
<div>
<div>
<div>
<div class="gmail_extra"><br>
<div class="gmail_quote">2016-06-30 9:51 GMT+02:00
Ludovic Rousseau <span dir="ltr"><<a
moz-do-not-send="true"
href="mailto:lud...@gm..."
target="_blank">lud...@gm...</a>></span>:<br>
<blockquote class="gmail_quote" style="margin:0px 0px
0px 0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">Hello,<br>
<br>
PAM PKCS#11 [1] is a Pluggable Authentication Module
(PAM) using a<br>
PKCS#11 library (smart card, crypto token, etc.).
The purpose is to be<br>
able to use a smart card to login to a GNU/Linux
system.<br>
<br>
With the introduction of OpenSSL 1.1.0 the API has
changed and many<br>
software, including pam-pkcs#11, need to be updated
to use the new<br>
API. For example see [2] for a patch for OpenSC.<br>
<br>
I am the only maintainer of pam-pkcs11 project. I do
not use this<br>
software myself any more.<br>
I do not have the free time (and motivation) to
invest in a code<br>
change of pam-pkcs11 to support the new OpenSSL API.<br>
If nobody volunteers to do this work then:<br>
- pam-pkcs11 will not work with OpenSSL 1.1.0<br>
- pam-pkcs11 will be removed from the GNU/Linux
distributions<br>
- pam-pkcs11 will not be usable any more.<br>
<br>
A bug [3] has been opened for Debian: "pam-pkcs11:
FTBFS with openssl 1.1.0"<br>
FTBFS is Fails To Build From Source.<br>
When OpenSSL 1.1.0 will be included in Debian
pam-pkcs11 will be<br>
removed from Debian, unless someone adds support of
the new OpenSSL<br>
API.<br>
<br>
If you (or your company) use pam-pkcs11 you should
worry about the situation.<br>
<br>
RedHat provides [4] pam-pkcs11 to its customers. It
could be a good<br>
idea for RedHat to invest some R&D time to take
maintenance of the<br>
software to keep its (paying) customers happy.<br>
<br>
Regards,<br>
<br>
[1] <a moz-do-not-send="true"
href="https://github.com/OpenSC/pam_pkcs11/wiki"
rel="noreferrer" target="_blank">https://github.com/OpenSC/pam_<wbr>pkcs11/wiki</a><br>
[2] <a moz-do-not-send="true"
href="https://github.com/OpenSC/OpenSC/pull/749/files"
rel="noreferrer" target="_blank">https://github.com/OpenSC/<wbr>OpenSC/pull/749/files</a><br>
[3] <a moz-do-not-send="true"
href="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=828487"
rel="noreferrer" target="_blank">https://bugs.debian.org/cgi-<wbr>bin/bugreport.cgi?bug=828487</a><br>
[4] <a moz-do-not-send="true"
href="https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Managing_Smart_Cards/enabling-smart-card-login.html"
rel="noreferrer" target="_blank">https://access.redhat.com/<wbr>documentation/en-US/Red_Hat_<wbr>Enterprise_Linux/6/html/<wbr>Managing_Smart_Cards/enabling-<wbr>smart-card-login.html</a><br>
<span class=""><font color="#888888"><br>
--<br>
Dr. Ludovic Rousseau<br>
</font></span></blockquote>
</div>
<br>
<br clear="all">
<br>
-- <br>
<div class="gmail_signature"
data-smartmail="gmail_signature"> Dr. Ludovic Rousseau</div>
</div>
</div>
</div>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">------------------------------------------------------------------------------
</pre>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Opensc-devel mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Ope...@li...">Ope...@li...</a>
<a class="moz-txt-link-freetext" href="https://lists.sourceforge.net/lists/listinfo/opensc-devel">https://lists.sourceforge.net/lists/listinfo/opensc-devel</a>
</pre>
</blockquote>
<br>
<pre class="moz-signature" cols="200">--
Douglas E. Engert <a class="moz-txt-link-rfc2396E" href="mailto:DEE...@gm..."><DEE...@gm...></a>
</pre>
</body>
</html>
|
