[Pcsclite-muscle] Pam-pkcs#11 needs a new maintainer(s) soon, or it will die

Ludovic Rousseau ludovic.rousseau
Thu Jun 30 00:51:52 PDT 2016


PAM PKCS#11 [1] is a Pluggable Authentication Module (PAM) using a
PKCS#11 library (smart card, crypto token, etc.). The purpose is to be
able to use a smart card to login to a GNU/Linux system.

With the introduction of OpenSSL 1.1.0 the API has changed and many
software, including pam-pkcs#11, need to be updated to use the new
API. For example see [2] for a patch for OpenSC.

I am the only maintainer of pam-pkcs11 project. I do not use this
software myself any more.
I do not have the free time (and motivation) to invest in a code
change of pam-pkcs11 to support the new OpenSSL API.
If nobody volunteers to do this work then:
- pam-pkcs11 will not work with OpenSSL 1.1.0
- pam-pkcs11 will be removed from the GNU/Linux distributions
- pam-pkcs11 will not be usable any more.

A bug [3] has been opened for Debian: "pam-pkcs11: FTBFS with openssl 1.1.0"
FTBFS is Fails To Build From Source.
When OpenSSL 1.1.0 will be included in Debian pam-pkcs11 will be
removed from Debian, unless someone adds support of the new OpenSSL

If you (or your company) use pam-pkcs11 you should worry about the situation.

RedHat provides [4] pam-pkcs11 to its customers. It could be a good
idea for RedHat to invest some R&D time to take maintenance of the
software to keep its (paying) customers happy.


[1] https://github.com/OpenSC/pam_pkcs11/wiki
[2] https://github.com/OpenSC/OpenSC/pull/749/files
[3] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=828487
[4] https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Managing_Smart_Cards/enabling-smart-card-login.html

 Dr. Ludovic Rousseau

More information about the pcsclite-muscle mailing list