Solaris Smartcard Overview
This chapter provides an overview of Solaris Smartcard features, supported smart cards and card readers, and planning information.
Smartcard Features
A Solaris Smartcard provides a somewhat more secure method for logging in to the Solaris desktop environment than is provided by the standard UNIX login. Information stored on the smart card verifies the identity of the user during login. A user who cannot provide the login information that is on the smart card is denied access to the desktop.

The Solaris Smartcard software:

- Implements the Smartcard framework, which is based on the OCF1.1 standard
- Supports a variety of card readers
- Supports three widely-used smart cards
- Allows management from the Solaris Smartcard Console or the Solaris command line
- Protects login to the desktop environment through PIN authentication and provides a screen lock via dtsession when a smart card is removed from the card reader
- Lets a user store security credentials directly onto the card (Java cards only)
Smartcard Requirements
To use the Solaris Smartcard software, you need:
- A SPARC system running the Solaris 8 or Solaris 9 operating environment.
- A supported internal or external card reader and smart cards.
Solaris Smartcard supports the following smart cards and card readers.
- Payflex card
- iButton card
- Cyberflex card
- Sun SCRI External Serial Card Terminal Reader
- Sun SCRI Internal Card Terminal Reader
- iButton External Serial Card Terminal Reader
Smartcard Login
Secure desktop environments can be protected by requiring users to log in with a configured Solaris Smartcard. The following sequence explains what happens in the login process:
1. The dtlogin daemon prompts the user to insert a smart card and then to enter a personal identification number (PIN).
2. The pam_smartcard module compares the entered PIN with the PIN stored on the card.
3. If the typed PIN and the PIN stored on the card match, the username and password are read from the card and used to authenticate the user, based on the specified search order for passwd in /etc/nsswitch.conf.
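Because the final step authenticates the card's username and password against the passwd search order in /etc/nsswitch.conf, it helps to review that order when planning a Smartcard login deployment. The shell function below is an added example, not part of the Solaris documentation; the function name `passwd_sources` and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# passwd_sources FILE
# Print, one per line and in lookup order, the entries on the "passwd:" line
# of an nsswitch.conf-style file. Bracketed action criteria such as
# [NOTFOUND=return] are kept as single entries because they can end the
# search before later sources are consulted.
# Exit status is 1 when the file has no "passwd:" line or cannot be read.
passwd_sources() {
    sed 's/#.*//' "$1" | awk '
        $1 == "passwd:" {
            item = ""
            for (i = 2; i <= NF; i++) {
                item = (item == "") ? $i : item " " $i
                # Keep a multi-word criterion together until its closing "]".
                if (item ~ /^\[/ && item !~ /\]$/) continue
                print item
                item = ""
            }
            found = 1
            exit
        }
        END { if (!found) exit 1 }'
}

# Constructed sample input (not taken from a real system).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# nsswitch.conf (constructed example)
passwd:     files nis      # local accounts first, then NIS
group:      files nis
EOF

echo "passwd search order used after the PIN check:"
passwd_sources "$sample" || echo "no passwd: entry found"
rm -f "$sample"
```

On a live system, run `passwd_sources /etc/nsswitch.conf` and confirm that the sources listed are the ones that hold the accounts stored on the cards.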
Package Descriptions
The following table lists the Solaris Smartcard packages added during a Solaris 9 installation.
Table 1-1 Solaris Smartcard Packages
Package Name | Description |
---|---|
SUNWjcom | Java Communications API for smart card support - Java code and Native code |
SUNWjcomx | Java Communications API for smart card support - Native code (64-bit) |
SUNWjib | Dallas Semiconductor serial iButton OCF Card Terminal Driver |
SUNWocf | Open Card Framework - core libraries and utilities |
SUNWocfr | Open Card Framework - configuration files |
SUNWocfh | Open Card Framework - header files |
SUNWocfx | Open Card Framework - core libraries (64-bit) |
SUNWpamsc | Pluggable Authentication Module for smart card authentication |
SUNWpamsx | Pluggable Authentication Module for smart card authentication (64-bit) |
SUNWscgui | Solaris Smartcard Console |
SUNWscmos | Smart OS used by SCM card terminal driver |
SUNWscmsc | Sun SCRI OCF Card Terminal Driver |
To remove a package, use the standard pkgrm command. Reinstall the package using the pkgadd command.
See "Managing Software (Tasks)" in System Administration Guide: Basic Administration for information on using these commands.