The following examples were tested on SuSE Linux 7.2 (i386) systems.
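# Configuration file for pcsc-lite
#
# One stanza per reader, one key per line. With the whole file collapsed onto a
# single line, everything after the first '#' would be read as a comment.
#
# NOTE(review): pcscd loads the driver library named by each LIBPATH. Keep
# these files and their directory owned by root and not writable by other
# users, because the code runs with the daemon's privileges.

FRIENDLYNAME      "Schlumberger Reflex 62"
DEVICENAME        GEN_SMART_RDR
LIBPATH           /usr/local/lib/libslb_rf60.so
CHANNELID         0x0102F8

FRIENDLYNAME      "Towitoko Chipdrive Micro"
DEVICENAME        TOWITOKO_CHIPDRIVE_MICRO
LIBPATH           /usr/local/lib/libtowitoko.so
CHANNELID         0x000001

# End of file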
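#!/bin/sh
# Author: Mario Strasser (mast@gmx.net)
#         Martin Saegesser (m.sagi@bluemail.ch)
#
# init.d/pcsc
#
#   and its symbolic link
#
# /sbin/pcsc
#
# System startup script for the PC/SC daemon
#
# Usage: pcsc {start|stop|status|restart|reload}
#
# NOTE(review): init scripts run as root, so the two files sourced below and
# the daemon binary must be writable by root only.
#
### BEGIN INIT INFO
# Provides: pcsc
# Required-Start:
# Required-Stop:
# Default-Start: S 1 2 3 5
# Default-Stop: 0 6
# Description: Start the PC/SC daemon
### END INIT INFO

# Source SuSE config
. /etc/rc.config

# Determine the base and follow a runlevel link name.
base=${0##*/}
link=${base#*[SK][0-9][0-9]}

# Force execution if not called by a runlevel directory.
# test $link = $base && START_PCSC=yes
# test "$START_PCSC" = yes || exit 0

PCSC_BIN=/usr/sbin/pcscd

# Exit status 5 is the LSB code for "program is not installed".
test -x "$PCSC_BIN" || exit 5

# Load the rc_reset / rc_status / rc_exit helpers used below.
. /etc/rc.status

# First reset status of this service
rc_reset

case "$1" in
  start)
    printf '%s' "Starting PC/SC daemon (pcscd)"
    # Start the daemon with startproc(8). startproc should return 0 even if
    # the service is already running, to match the LSB spec.
    startproc "$PCSC_BIN" 2>&1
    # Remember status and be verbose
    rc_status -v
    ;;
  stop)
    printf '%s' "Shutting down PC/SC daemon (pcscd)"
    # Stop the daemon with killproc(8); its exit status is what rc_status
    # reports.
    killproc -TERM "$PCSC_BIN"
    # Remember status and be verbose
    rc_status -v
    ;;
  restart|reload)
    # Stop the service and, only if that succeeds (i.e. the service was
    # running before), start it again. "$0" is quoted so a script path
    # containing whitespace is still re-invoked correctly.
    "$0" stop && "$0" start
    # Remember status and be quiet
    rc_status
    ;;
  status)
    printf '%s' "Checking for PC/SC daemon (pcscd): "
    # checkproc(8) returns exit status 0 when the process is running.
    # If checkproc returned LSB compliant values, things could be a little
    # bit easier here.
    checkproc "$PCSC_BIN"
    rc=$?
    if test "$rc" = 0; then
      echo "OK"
    else
      echo "No process"
      # LSB status codes: 1 = dead but pid file exists, 3 = not running.
      # NOTE(review): FOO.pid looks like a placeholder left over from an init
      # script template. The daemon's real pid file is not shown here, so
      # substitute it. As written, the exit 1 branch is presumably never
      # taken.
      if test -e /var/run/FOO.pid; then
        exit 1
      else
        exit 3
      fi
    fi
    #rc_status
    ;;
  *)
    echo "Usage: $0 {start|stop|status|restart|reload}"
    exit 1
    ;;
esac

# Exit with the status recorded by rc_status.
rc_exit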
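# One key per line. With the file collapsed onto a single line, every setting
# after the first '#' would be read as part of a comment.

# CA-Directory
# NOTE(review): presumably holds the CA's key material. Restrict this
# directory to the account that operates the CA.
ca_dir = /Root_CA/

# Relative DN for CA (Relative to BASE)
ca_rdn = Root_CA

# ldap.conf
ldap_conf = /etc/openldap/ldap.conf

# ldap password-file
# NOTE(review): a password file of this kind normally stores the bind password
# in clear text. Keep it owned by root with mode 0600.
ldap_password = /etc/openldap/ldap.secret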
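# LDAP client settings, one directive per line.

# Search base and server
BASE            o=zhw, c=ch
HOST            ksy006.zhwin.ch
PORT            389

# DN used for privileged binds. The matching password is not stored in this
# file.
ROOTBINDDN      cn=admin, o=zhw, c=ch

# Name-service lookups: one-level searches below the listed containers
nss_base_passwd ou=people, o=zhw, c=ch?one
nss_base_shadow ou=people, o=zhw, c=ch?one
nss_base_group  ou=group, o=zhw, c=ch?one

# Transport security: upgrade the connection on port 389 with StartTLS.
# NOTE(review): nothing here states whether the server certificate is
# verified. StartTLS without peer verification does not protect against an
# active man-in-the-middle, so confirm the verification setting for the
# client library in use.
sslpath         /etc/cacerts
ssl             start_tls

# Client-side search limits and alias handling
SIZELIMIT       500
TIMELIMIT       15
DEREF           never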
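# slapd configuration: schema, one ldbm database, access rules and TLS.
# Continuation lines ("by ...") must start with whitespace. At column 0 they
# would be parsed as separate directives.

include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/nis.schema

pidfile         /var/run/slapd.pid
argsfile        /var/run/slapd.args

# 256 = log connections, operations and results
loglevel        256
schemacheck     on
sizelimit       5000
timelimit       3600

#
# database
#
database        ldbm
lastmod         off
cachesize       1000
dbcachesize     100000
directory       /var/lib/ldap
suffix          "o=zhw, c=ch"
rootdn          "cn=Admin, o=zhw, c=ch"
# NOTE(review): this is a clear-text, easily guessed example password for the
# DN that bypasses all access rules. Replace it with a hash generated by
# slappasswd, e.g. rootpw {SSHA}<hash-from-slappasswd>, and keep this file
# readable only by root and the slapd account.
rootpw          linux

#
# access rights
#
defaultaccess   read

# Password attributes may be used for binding but are never returned. Rules
# are evaluated in order, so this must come before the catch-all read rule
# below. Without it, "by * read" exposes userPassword to anonymous clients.
access to attr=userPassword
        by anonymous auth
        by * none

# Hide the administrator entry. The DN must match rootdn: the original
# listing had "ch=Admin", which matches no entry and left the rule without
# effect.
access to dn="cn=Admin, o=zhw, c=ch"
        by * none

access to *
        by * read

# SSL server
# The private key file must be readable only by the account slapd runs as.
TLSCertificateFile      /etc/openldap/ServerCert.pem
TLSCertificateKeyFile   /etc/openldap/ServerKey.pem
# MEDIUM admits weaker ciphers than HIGH. Use HIGH alone if every client
# supports it.
TLSCipherSuite          HIGH:MEDIUM
# NOTE(review): presumably disables client-certificate checks. Confirm the
# values accepted by the slapd version in use.
TLSVerifyClient         false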
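#%PAM-1.0
# One rule per line. Collapsed onto a single line, the whole stack would be
# read as a comment.
#
# auth: pam_rootok is "sufficient", so a caller with UID 0 passes without a
# card. Every other caller must pass pam_smartcard.
# NOTE(review): cadir presumably names the directory of trusted CA
# certificates. Keep it writable by root only, since its contents decide
# which cards are accepted.
auth     sufficient /lib/security/pam_rootok.so
auth     required   /lib/security/pam_smartcard.so reader=0 cadir=/etc/cacerts
account  required   /lib/security/pam_unix.so
password required   /lib/security/pam_unix.so
#session required   /lib/security/pam_homecheck.so
session  required   /lib/security/pam_unix.so debug # none or trace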
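#%PAM-1.0
# One rule per line. Collapsed onto a single line, the whole stack would be
# read as a comment.
#
# auth: pam_smartcard is the only credential check. The other auth modules
# apply tty and nologin policy and set up the session environment.
# NOTE(review): cadir presumably names the directory of trusted CA
# certificates. Keep it writable by root only, since its contents decide
# which cards are accepted.
auth     required /lib/security/pam_smartcard.so reader=0 cadir=/etc/cacerts/
auth     required /lib/security/pam_securetty.so
auth     required /lib/security/pam_nologin.so
#auth    required /lib/security/pam_homecheck.so
auth     required /lib/security/pam_env.so
auth     required /lib/security/pam_mail.so
account  required /lib/security/pam_unix.so
# nullok: accounts whose current UNIX password is empty are accepted by the
# password-change rules. Drop it unless empty passwords are intended.
password required /lib/security/pam_pwcheck.so nullok
password required /lib/security/pam_unix.so nullok use_first_pass use_authtok
session  required /lib/security/pam_unix.so none # debug or trace
session  required /lib/security/pam_limits.so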
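#%PAM-1.0
# One rule per line. Collapsed onto a single line, the whole stack would be
# read as a comment.
#
# auth: the smart card is the only credential checked by this service.
# NOTE(review): cadir presumably names the directory of trusted CA
# certificates. Keep it writable by root only, since its contents decide
# which cards are accepted.
auth     required /lib/security/pam_smartcard.so reader=0 cadir=/etc/cacerts
account  required /lib/security/pam_unix.so
password required /lib/security/pam_unix.so
session  required /lib/security/pam_unix.so
session  required /lib/security/pam_devperm.so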
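#%PAM-1.0
# One rule per line. Collapsed onto a single line, the whole stack would be
# read as a comment.
#
# auth: the smart card is the only credential checked by this service.
# NOTE(review): cadir presumably names the directory of trusted CA
# certificates. Keep it writable by root only, since its contents decide
# which cards are accepted.
auth     required /lib/security/pam_smartcard.so reader=0 cadir=/etc/cacerts
account  required /lib/security/pam_unix.so
password required /lib/security/pam_unix.so
session  required /lib/security/pam_unix.so
session  required /lib/security/pam_devperm.so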
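#%PAM-1.0
# One rule per line. Collapsed onto a single line, the whole stack would be
# read as a comment.
#
# auth: here the caller is checked with the UNIX password, not the card.
# nullok lets an account with an empty UNIX password pass this step. Drop it
# unless empty passwords are intended.
auth     required /lib/security/pam_unix.so nullok
account  required /lib/security/pam_unix.so
# password: the credential change is delegated to pam_smartcard.
# NOTE(review): presumably this updates the card's secret rather than the
# UNIX password. Confirm against the module's documentation.
password required /lib/security/pam_smartcard.so reader=0 cadir=/etc/cacerts
session  required /lib/security/pam_unix.so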