This script 'authenticates' a user by checking the serial number of the OpenPGP Card using GnuPG and PCSC.

It might be a good example to get you started for your own authentication system.

 

Example pam configuration:

 

auth sufficient pam_extern.so /lib/security/pam_extern_openpgp.sh

auth required pam_unix.so

auth required pam_tally.so file=/var/log/faillog onerr=succeed no_magic_root

auth required pam_shells.so

auth required pam_nologin.so

 

With this configuration you just have to stick in your card, enter your username and you're logged in. If the authentication against your OpenPGP Card failed you are handed to pam_unix and can log in with your normal password.

You can find this script in the sources in the directory examples/openpgp_serial