doc/pam_pkcs11.xml | 22 ++++++++++------------ 1 file changed, 10 insertions(+), 12 deletions(-) diff --git a/doc/pam_pkcs11.xml b/doc/pam_pkcs11.xml index a073c90..2f036ff 100644 --- a/doc/pam_pkcs11.xml +++ b/doc/pam_pkcs11.xml @@ -240,8 +240,8 @@ rpm -v -i /usr/src/redhat/RPMS/i386/pam_pkcs11-tools-X.Y-Z.i386.rpm class='directory'>/etc/pam_pkcs11/crls/ and /etc/pam_pkcs11/cacerts/ directories corresponding to the configuration file, and fill them with proper - data. The tools/ directory - provides a tool pkcs11_make_hash_link that can + data. OpenSSL package + provides a tool c_rehash that can be used to create hash files on every valid Cert and CRL file. @@ -419,13 +419,12 @@ So the process to setup ca and crl entries is: Copy CA Certificates (either DER or PEM format) to the ca_dir directory - Create hash links to CA certificates with provided - pkcs11_make_hash_link. Note that + Create hash links to CA certificates with + c_rehash. Note that OpenSSL must be installed -cd /etc/pam_pkcs11/cacerts -/usr/bin/pkcs11_make_hash_link +c_rehash /etc/pam_pkcs11/cacerts Repeat above procedure for CRL entries (if used) @@ -593,8 +592,8 @@ The default value is /etc/pam_pkcs11/cacerts/. -Pam-pkcs11 provides a utility: -pkcs11_make_hash_link that can be used to create hash +OpenSSL provides a utility: +c_rehash that can be used to create hash links to certificate files. Hashes are used to check certification validity and revocation. @@ -1182,10 +1181,9 @@ class='directory'>/etc/pam_pkcs11/cacerts/ can be read by any user. -cp testCA-cacert.der /etc/pam_pkcs11/cacerts/ -cd /etc/pam_pkcs11/cacerts -chmod a+r * -pkcs11_make_hash_link +cp testCA-cacert.pem /etc/pam_pkcs11/cacerts/ +chmod a+r /etc/pam_pkcs11/cacerts/* +c_rehash /etc/pam_pkcs11/cacerts
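Review bot: the added line "data. OpenSSL package" in the @@ -240,8 hunk is missing its article, and the unchanged end of that sentence still says "create hash files" while the @@ -419,13 and @@ -593,8 hunks say "hash links". Suggest "The OpenSSL package provides a tool c_rehash that can be used to create hash links for every valid certificate and CRL file" so all three passages use the same term.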
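Review bot: the unchanged step "Copy CA Certificates (either DER or PEM format)" in the @@ -419,13 hunk no longer matches the tool, because c_rehash only creates links for PEM-encoded files (it considers .pem, .crt, .cer and .crl files), so a DER file copied into ca_dir ends up with no hash link. The last hunk already changes the example from testCA-cacert.der to testCA-cacert.pem, so this step should say PEM only, or gain a conversion step such as "openssl x509 -inform DER -in ca.der -out ca.pem" (ca.der and ca.pem are placeholder names). The same point applies to "Repeat above procedure for CRL entries".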
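Review bot: the @@ -593,8 hunk removes the last description of pkcs11_make_hash_link, but the diffstat lists only doc/pam_pkcs11.xml, so a reader cannot tell what happened to the tool itself. If it is still shipped, keep one sentence saying it is superseded by c_rehash; if it is being removed, reference that change in the commit message so the documentation and the tools directory stay in step.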
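Review bot: the example in the @@ -1182,10 hunk sets only read bits with "chmod a+r /etc/pam_pkcs11/cacerts/*" and the surrounding text only says the directory "can be read by any user", with nothing on who may write there. Since the certificates and hash links in this directory are what certificate validity is checked against, suggest adding a sentence that the directory and its files should be owned by root and not writable by group or others.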