doc/pam_pkcs11.xml | 22 ++++++++++------------
1 file changed, 10 insertions(+), 12 deletions(-)
diff --git a/doc/pam_pkcs11.xml b/doc/pam_pkcs11.xml
index a073c90..2f036ff 100644
--- a/doc/pam_pkcs11.xml
+++ b/doc/pam_pkcs11.xml
@@ -240,8 +240,8 @@ rpm -v -i /usr/src/redhat/RPMS/i386/pam_pkcs11-tools-X.Y-Z.i386.rpm
class='directory'>/etc/pam_pkcs11/crls/ and /etc/pam_pkcs11/cacerts/ directories
corresponding to the configuration file, and fill them with proper
- data. The tools/ directory
- provides a tool pkcs11_make_hash_link that can
+ data. OpenSSL package
+ provides a tool c_rehash that can
be used to create hash files on every valid Cert and CRL
file.
@@ -419,13 +419,12 @@ So the process to setup ca and crl entries is:
Copy CA Certificates (either DER or PEM format) to
the ca_dir directory
- Create hash links to CA certificates with provided
- pkcs11_make_hash_link. Note that
+ Create hash links to CA certificates with
+ c_rehash. Note that
OpenSSL must be installed
-cd /etc/pam_pkcs11/cacerts
-/usr/bin/pkcs11_make_hash_link
+c_rehash /etc/pam_pkcs11/cacerts
Repeat above procedure for CRL entries (if used)
@@ -593,8 +592,8 @@ The default value is /etc/pam_pkcs11/cacerts/.
-Pam-pkcs11 provides a utility:
-pkcs11_make_hash_link that can be used to create hash
+OpenSSL provides a utility:
+c_rehash that can be used to create hash
links to certificate files. Hashes are used to check certification
validity and revocation.
@@ -1182,10 +1181,9 @@ class='directory'>/etc/pam_pkcs11/cacerts/ can be read by
any user.
-cp testCA-cacert.der /etc/pam_pkcs11/cacerts/
-cd /etc/pam_pkcs11/cacerts
-chmod a+r *
-pkcs11_make_hash_link
+cp testCA-cacert.pem /etc/pam_pkcs11/cacerts/
+chmod a+r /etc/pam_pkcs11/cacerts/*
+c_rehash /etc/pam_pkcs11/cacerts