# Zastava
#
pam_pkcs11 {
  nullok = false;
  pin_len_min = 4;
  pin_len_max = 8;
  ask_pin = true;
  verbose = false;
  quiet = false;
  default_username = "nobody";
  pwquality_config = "/etc/security/pam_pkcs11/zastava_pwquality.conf";
  force_pin_change = true;
  debug = false;  
  use_first_pass = false;
  try_first_pass = false;
  use_authtok = false;
  card_only = true;
  wait_for_card = false;
  use_mappers = generic;
  check_pin_early = true;

  lowlevel isbc {
    pin_expire_min = 262800;
  }

  mapper generic {
    debug = false;
    module = internal;
    ignorecase = false;
    cert_item = 1.3.6.1.4.1.311.20.2.3;
    mapfile = file:///etc/security/pam_pkcs11/zastava_users.map;
    use_getpwent = false;
    user_desc = 1.3.6.1.4.1.311.20.2.3;
    desc_mapfile = file:///etc/security/pam_pkcs11/zastava_roles.map;
  }
}
