pam_pkcs11 is a login module allowing a X.509 certificate based user login. The certificate and its dedicated private key are thereby accessed by means of an appropriate PKCS#11 module. For the verification of the users' certificates, locally stored CA certificates as well as either online or locally accessible CRLs are used. PAM-PKCS#11 package provides: A PAM module able to: Use certificates to get user credentials Deduce a login based on provided certificate Several tools: Standalone cert-to-login finder tool Certificate contents viewer Card Event status monitor, to trigger actions on card insert/removal WWW: https://github.com/OpenSC/pam_pkcs11