|
Standards, Environments, and Macros | pam_smartcard(5) |
| pam_smartcard - PAM authentication module for Smart Card |
SYNOPSIS
|
/usr/lib/security/pam_smartcard.so
|
|
The Smart Card service module for PAM, /usr/lib/security/pam_smartcard.so, provides functionality to obtain a user's information (such as user name and password) for a smart card. The pam_smartcard.so module is a shared object that can be dynamically
loaded to provide the necessary functionality upon demand. Its path is specified in the PAM configuration file pam.conf. See pam.conf(4).
Smart Card Authentication Module
|
The Smart Card authentication component provides the pam_sm_authenticate(3PAM) function to verify the identity of a smart card user.
The pam_sm_authenticate() function collects as user input the PIN number. It passes this data back to its underlying layer, OCF, to perform PIN verification. If verification is successful, the module returns PAM_SUCCESS, and passes the username and password
from the smart card to PAM modules stacked below.pam_smartcard.
The following options can be passed to the Smart Card service module:
-
debug
-
sysolg(3c) debugging information at LOG_DEBUG level.
-
nowarn
- Turn off warning messages.
-
verbose
- Turn on verbose authentication failure reporting to the user.
|
Smart Card Module Configuration
|
The PAM smart card module (pam_smartcard) can be configured in the PAM configuration file (/etc/pam.conf). For example, the following configuration on on the desktop (Common Desktop Environment) forces a user to use a smart card for logging in.
The following are typical values set by 'smartcard -c enable', if the command is applied to the default configuration.
|
dtlogin auth requisite pam_smartcard.so.1
dtlogin auth required pam_authtok_get.so.1
dtlogin auth required pam_dhkeys.so.1
dtlogin auth required pam_unix_auth.so.1
dtsession auth requisite pam_smartcard.so.1
dtsession auth required pam_authtok_get.so.1
dtsession auth required pam_dhkeys.so.1
dtsession auth required pam_unix_auth.so.1
|
|
|
|
smartcard(1M), libpam(3LIB), pam(3PAM), pam_authenticate(3PAM), pam_start(3PAM), pam.conf(4), pam_authtok_check(5), pam_authtok_get(5), pam_authtok_store(5), pam_dhkeys(5), pam_passwd_auth(5), pam_unix(5), pam_unix_account(5), pam_unix_auth(5), pam_unix_session(5)
|
| |