Branch: master

56c2b5fc 2015-09-29 16:14:19 Timothy Pearson
Add deactivated krb5 PKCS login line
M src/libtdeldap.cpp
diff --git a/src/libtdeldap.cpp b/src/libtdeldap.cpp
index e9961ed..bc6890b 100644
--- a/src/libtdeldap.cpp
+++ b/src/libtdeldap.cpp
@@ -4895,6 +4895,18 @@
 		stream << "# All changes will be lost!\n";
 		stream << "\n";
 
+		// Get PKCS#11 slot number from the LDAP configuration file
+		KSimpleConfig* systemconfig = new KSimpleConfig( TQString::fromLatin1( KDE_CONFDIR "/ldap/ldapconfigrc" ));
+		systemconfig->setGroup(NULL);
+		int pkcs11_login_card_slot = systemconfig->readNumEntry("PKCS11LoginCardSlot", 0);
+		delete systemconfig;
+
+		// Generate PKCS#11 provider string
+		TQString pkcsProviderString = TDECryptographicCardDevice::pkcsProviderLibrary();
+		if (pkcs11_login_card_slot != 0) {
+			 pkcsProviderString.append(TQString(",slot=%1").arg(pkcs11_login_card_slot));
+		}
+
 		// Appdefaults
 		stream << "[appdefaults]\n";
 		if (realmList.begin() != realmList.end()) {
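Review bot: The slot suffix is appended to pkcsProviderString regardless of whether pkcsProviderLibrary() returned anything, so an empty library path with a configured slot yields a value like `,slot=3`, which the later non-empty check accepts and emits as `pkinit_user = PKCS11:,slot=3`; guard the append with the library, `if (!pkcsProviderString.isEmpty() && pkcs11_login_card_slot != 0) {`. Using 0 as the "no slot" default also makes slot 0, a legal PKCS#11 slot ID, impossible to select explicitly; if that is intended, say so in the comment above the readNumEntry call, otherwise read with a `-1` default and test `>= 0`. The `,slot=N` selector form appears to follow Heimdal's hx509 identity syntax, whereas MIT krb5 documents `:slotid=N`, so confirm it against the Kerberos library this krb5.conf targets. KSimpleConfig could be a stack object here, which drops the raw new/delete pair. The enclosing function starts before this hunk.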
@@ -4908,9 +4920,11 @@
 			stream << "    pkinit_revoke = FILE:" << ldap_crlfile << "\n";
 		}
 		stream << "    pkinit_require_crl_checking = true\n";
-		stream << "    pam = {\n";
-		stream << "        pkinit_user = PKCS11:" << TDECryptographicCardDevice::pkcsProviderLibrary() << "\n";
-		stream << "    }\n";
+		if (pkcsProviderString != "") {
+			stream << "    pam = {\n";
+			stream << "        pkinit_user = PKCS11:" << pkcsProviderString << "\n";
+			stream << "    }\n";
+		}
 		stream << "\n";
 
 		// Defaults
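Review bot: The guard on the new `pam = {` block compares against a string literal, `if (pkcsProviderString != "")`; TQString's `isEmpty()` is the idiom and states the intent directly, `if (!pkcsProviderString.isEmpty()) {`. Note that the guard tests the composed provider string rather than the library path alone, so the block is only suppressed when both the provider library and the slot are absent; a one-line comment stating that this is deliberate would help the next reader. The enclosing function starts and ends outside this hunk.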
@@ -5062,6 +5076,7 @@
 		}
 		if (pamConfig.enable_pkcs11_login) {
 			stream << "auth [default=ignore success=done new_authtok_reqd=done] pam_pkcs11.so" << "\n";
+			// stream << "auth [default=ignore success=done new_authtok_reqd=done] pam_krb5.so force_first_pass no_prompt try_pkinit" << "\n";
 		}
 		stream << "auth required pam_deny.so" << "\n";