Description of problem: pam_pkcs11 uses a mapper interface to map the certificate to a unix user. for Fedora, the default order should be: cn - maps a cn value to a user id based on a mapping file cn_map. Basic fallback case. uid - maps the unix user based on the uid attribute of the DN. pwent - used the password file to map the cn to a user id. cn is basically a user configurable override for a given cert. uid is a TPS override for a given user. pwent is for environments with NIS or ldap password entries.
*** Bug 201377 has been marked as a duplicate of this bug. ***
pam_pkcs11-0.5.3-14
Fixed in pam_pkcs11-0.5.3-15
I can confirm that the order is now correct in RHEL 5 beta 2 milestone 3 ( candidate 20060921.0 ) on both x84_64 and i396 I will verify this bug is fixed once we have a stable candidate that [1] installs and [2] in which the pam stack preventing smart card login does not require a workaround ( bug#207410 )
VERIFIED fixed against candidate RHEL5-Client-20061006.2 $ rpm -qa | grep pam_pkcs11 pam_pkcs11-0.5.3-22 pam_pkcs11-0.5.3-22
Closing out as included in latest RHEL5 builds (20061111.0)