SuisseID as Linux login token

The Linux PAM authentication framework also supports PKCS#11-based logins, which makes it easy for us to use our SuisseID for that.

Basically, you can follow the entry PAM Authentication in this HOWTO. To use it with your SuisseID, pay attention to the following points:

/etc/pam_pkcs11/pam_pkcs11.conf configuration

Create a new module configuration:

# SuisseID pkcs11 module
pkcs11_module suisseid {
    module = /usr/lib/libcvP11.so;
    description = "SuisseID pkcs#11 module";
    slot_num = 0;
    token_type = "Suisse ID";
    support_threads = false;
    # Trusted CA certificates and CRLs used to validate the token certificate
    ca_dir = /etc/pam_pkcs11/cacerts;
    crl_dir = /etc/pam_pkcs11/crls;
    cert_policy = ca;
    crl_policy = crl_auto;
}

and set this configuration as your PKCS#11 module:

# Filename of the PKCS #11 module. The default value is "default"
use_pkcs11_module = suisseid;

Store certificates of your CA under /etc/pam_pkcs11/cacerts

The module needs to check whether your certificate is signed by a trusted source. In web browsers, these certificates are usually preinstalled; for the PAM module we have to install them ourselves.
The easiest way is to check who has signed your certificate and then export these certificates from Firefox to the folder /etc/pam_pkcs11/cacerts.
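
pam_pkcs11 looks up CA certificates in ca_dir through OpenSSL subject-hash links, so every exported CA in the chain needs such a link next to it. The following is an added example, not part of the original post: it installs an exported CA certificate and checks that a user certificate chains to the directory. The function names, the throwaway demo CA and the file names are assumptions, and it needs OpenSSL 1.1.0 or newer.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes OpenSSL 1.1.0 or newer.

# install_ca SRC CA_DIR
# Store a CA certificate exported from Firefox (PEM or DER) in CA_DIR as PEM
# and create the <subject-hash>.0 link used for hashed-directory lookups.
install_ca() {
    src=$1; dir=$2
    name=$(basename "${src%.*}").pem
    openssl x509 -in "$src" -inform PEM -out "$dir/$name" 2>/dev/null ||
        openssl x509 -in "$src" -inform DER -out "$dir/$name" || return 1
    hash=$(openssl x509 -in "$dir/$name" -noout -hash) || return 1
    # A second CA with the same subject hash would need .1, .2, ...
    ln -sf "$name" "$dir/$hash.0"
}

# chain_ok CERT CA_DIR
# Succeed only if CERT chains to a CA in CA_DIR. -no-CAfile keeps the
# system CA bundle out of the decision.
chain_ok() {
    openssl verify -no-CAfile -CApath "$2" "$1" >/dev/null 2>&1
}

# make_demo_pki DIR
# Constructed sample data: a throwaway root CA (ca.crt) and a user
# certificate signed by it (user.pem), standing in for the real SuisseID chain.
make_demo_pki() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 \
        -subj "/CN=Demo Root CA (constructed)" \
        -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=demo-user" \
        -keyout "$d/user.key" -out "$d/user.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/user.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/user.pem" 2>/dev/null
}

# Real use (as root), with the user certificate saved as user.pem
# (hypothetical file name):
#   install_ca exported-ca.crt /etc/pam_pkcs11/cacerts
#   chain_ok user.pem /etc/pam_pkcs11/cacerts && echo "chain OK"
```

If chain_ok fails after all CA certificates are installed, an intermediate CA between the user certificate and the root is usually still missing from the directory.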