PAM_pkcs#11 is a Linux-PAM login module that
allows a X.509 certificate based user login. The
certificate and its dedicated private key are
thereby accessed by means of an appropriate PKCS
#11 module. For the verification of the users'
certificates, locally stored CA certificates as
well as either online or locally accessible CRLs
are used. A very flexible, stackable, and
configurable Certificate-To-Login mapping scheme
is provided to deduce/verify the username to log
in.