Name  : PAM module for MuscleCard Framework
Author: Eirik A. Herskedal, David Corcoran, Martin Saegesser

We support two modes for authentication. Which mode is used can be
determined in the configuration file. 


Method 1:

- Create a nonce on the host
- Request and Verify PIN #1
- Compute Crypt of the nonce with RSA 1024 bit key #3
- Get the user's certificate from the user's home directory
- Decrypt the nonce using the user's public key
- Compare the original nonce with the last


Method 2:

- Create a nonce on the host
- Request and Verify PIN #1
- Compute Crypt of the nonce with RSA 1024 bit key #3
- Get the user's certificate from the smartcard
- Verify the users certificate using the root CA certificate in /etc/root.cert
- Extract the users public key from the certificate
- Decrypt the nonce using the user's public key
- Compare the original nonce with the last


Installation:

type make
copy the library into /lib/security and edit your pam.conf file
or your service configuration file for PAM.


Configuration

There is a configuration file located in /etc/pamsmartcrc. This will have
paramaters that are read by the authentication module. Most of these are
self-explanatory, except AuthMode. This paramater can have two values:
1. UserCert - 	the module will look in ~/.muscle/user.cert for the 
		certificate.
2. RootCert - 	the module will retreive the certificate from the smartcard 
		and validate the signature by looking at the RootCA's
		certificate in /etc/root.cert. It will also check that the
		username corresponds to the username in the certificate. 
		
