Linux authentication using PAM and the PTEID CC

This ZIP file contains a very simple implementation of a local authentication protocol for Linux (or other *NIXes using PAM) using the Portuguese Citizens' Identity Card (PTEID CC).

The authentication protocol works as follows. First, the Linux sysadmin associates a CC authentication public key with a username. This association is kept in a separate file, different from /etc/passwd. When a user logs in, the PAM module first checks whether the username has an associated public key, then whether a (valid) CC is present and, finally, runs a challenge-response protocol to check that the private key inside the CC corresponds to the public key associated with the username. If the check succeeds, the username is authenticated.

The ZIP contains the source code of a command (addCCuser) and a PAM dynamic library (pam_PTEIDCC.so). The command associates a username with the authentication public key of the CC available. It must be executed by a sysadmin, as it binds a username to a key and stores the binding in a protected file. The dynamic library is a PAM module for authentication management.

Both the command and the library accept an extra argument: the name of the file that stores the username/public-key bindings. By default, this file is /etc/CC/keys.
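The following Go program is an added illustration of the two steps described above (the sysadmin binding a username to the card's public key, and the login-time challenge-response check); it is not code from the ZIP and does not use the PTEID SDK or PKCS#11. The card is simulated by an in-process RSA key, the bindings-file layout (one "username base64-DER-public-key" line per user) is an assumption, since the page does not describe the real /etc/CC/keys format, and the signature scheme (PKCS#1 v1.5 over SHA-256) is likewise assumed. What it shows is the security-relevant core: the verifier picks a fresh random challenge every time, only a signature made with the private key matching the stored public key passes, and a username without a binding is refused before any card interaction.

```go
package main

import (
	"bufio"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"encoding/base64"
	"errors"
	"fmt"
	"strings"
)

// simulatedCard stands in for the PTEID CC: it holds the private key and
// only ever exposes a signing operation, as a real card would through PKCS#11.
type simulatedCard struct {
	priv *rsa.PrivateKey
}

// sign hashes the challenge and returns a PKCS#1 v1.5 signature (assumed scheme).
func (c *simulatedCard) sign(challenge []byte) ([]byte, error) {
	h := sha256.Sum256(challenge)
	return rsa.SignPKCS1v15(rand.Reader, c.priv, crypto.SHA256, h[:])
}

// AddCCUser appends a username/public-key binding, the job of the addCCuser
// command. Hypothetical line format: "<username> <base64 of PKIX DER key>".
// In a real deployment the bindings file must be writable only by root,
// otherwise any local user could bind their own key to another account.
func AddCCUser(bindings, username string, pub *rsa.PublicKey) (string, error) {
	if username == "" || strings.ContainsAny(username, " \t\r\n") {
		return "", errors.New("invalid username")
	}
	der, err := x509.MarshalPKIXPublicKey(pub)
	if err != nil {
		return "", err
	}
	return bindings + username + " " + base64.StdEncoding.EncodeToString(der) + "\n", nil
}

// LookupKey returns the public key bound to username, or an error if there is none.
func LookupKey(bindings, username string) (*rsa.PublicKey, error) {
	sc := bufio.NewScanner(strings.NewReader(bindings))
	for sc.Scan() {
		fields := strings.Fields(sc.Text())
		if len(fields) != 2 || fields[0] != username {
			continue
		}
		der, err := base64.StdEncoding.DecodeString(fields[1])
		if err != nil {
			return nil, err
		}
		k, err := x509.ParsePKIXPublicKey(der)
		if err != nil {
			return nil, err
		}
		pub, ok := k.(*rsa.PublicKey)
		if !ok {
			return nil, errors.New("bound key is not an RSA key")
		}
		return pub, nil
	}
	return nil, errors.New("no public key bound to user")
}

// Authenticate performs the login-time check: look up the bound key, issue a
// fresh random challenge, have the card sign it, and verify the signature
// against the stored public key. A nil result means the user is authenticated.
func Authenticate(bindings, username string, cardSign func([]byte) ([]byte, error)) error {
	pub, err := LookupKey(bindings, username)
	if err != nil {
		return err // unbound user: refuse before touching the card
	}
	challenge := make([]byte, 32)
	if _, err := rand.Read(challenge); err != nil {
		return err
	}
	sig, err := cardSign(challenge)
	if err != nil {
		return err
	}
	h := sha256.Sum256(challenge)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, h[:], sig)
}

func main() {
	cardKey, _ := rsa.GenerateKey(rand.Reader, 2048) // constructed test card
	otherKey, _ := rsa.GenerateKey(rand.Reader, 2048) // constructed second card
	bindings, _ := AddCCUser("", "alice", &cardKey.PublicKey)
	card := &simulatedCard{priv: cardKey}
	other := &simulatedCard{priv: otherKey}
	fmt.Println("alice, own card:  ", Authenticate(bindings, "alice", card.sign))
	fmt.Println("alice, other card:", Authenticate(bindings, "alice", other.sign))
	fmt.Println("bob, no binding:  ", Authenticate(bindings, "bob", card.sign))
}
```

Because the challenge is random per attempt, a captured signature from one login cannot be replayed at the next; the binding file, not the card, decides which key is trusted for which account, which is why the page insists that only a sysadmin runs addCCuser and that the file is protected.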

To compile the files you need three things: (i) the PTEID SDK (available here), (ii) the include files for PKCS#11 libraries (the cryptoki package, included in the ZIP and customized for Linux) and (iii) the OpenSSL libraries.

A final note: to test this software with CC test cards, you need to deactivate the CC integrity check performed by both the application and the library.