Sun Microsystems, Inc.
spacerspacer
spacer   www.sun.com docs.sun.com | | |  
spacer
black dot
   
A   B   C   D   E   F   G   H   I   J   K   L   M   N   O   P   Q   R   S   T   U   V   W   X   Y   Z
    
 
Standards, Environments, and Macrospam_smartcard(5)


NAME

 pam_smartcard - PAM authentication module for Smart Card

SYNOPSIS

 
/usr/lib/security/pam_smartcard.so

DESCRIPTION

 

The Smart Card service module for PAM, /usr/lib/security/pam_smartcard.so, provides functionality to obtain a user's information (such as user name and password) for a smart card. The pam_smartcard.so module is a shared object that can be dynamically loaded to provide the necessary functionality upon demand. Its path is specified in the PAM configuration file pam.conf. See pam.conf(4).

Smart Card Authentication Module

 

The Smart Card authentication component provides the pam_sm_authenticate(3PAM) function to verify the identity of a smart card user.

The pam_sm_authenticate() function collects as user input the PIN number. It passes this data back to its underlying layer, OCF, to perform PIN verification. If verification is successful, the module returns PAM_SUCCESS, and passes the username and password from the smart card to PAM modules stacked below.pam_smartcard.

The following options can be passed to the Smart Card service module:

debug
sysolg(3c) debugging information at LOG_DEBUG level.
nowarn
Turn off warning messages.
verbose
Turn on verbose authentication failure reporting to the user.

Smart Card Module Configuration

 

The PAM smart card module (pam_smartcard) can be configured in the PAM configuration file (/etc/pam.conf). For example, the following configuration on on the desktop (Common Desktop Environment) forces a user to use a smart card for logging in.

The following are typical values set by 'smartcard -c enable', if the command is applied to the default configuration.

 
dtlogin         auth requisite          pam_smartcard.so.1
dtlogin         auth required           pam_authtok_get.so.1
dtlogin         auth required           pam_dhkeys.so.1
dtlogin         auth required           pam_unix_auth.so.1
 
dtsession       auth requisite          pam_smartcard.so.1 
dtsession       auth required           pam_authtok_get.so.1 
dtsession       auth required           pam_dhkeys.so.1 
dtsession       auth required           pam_unix_auth.so.1

SEE ALSO

 

smartcard(1M), libpam(3LIB), pam(3PAM), pam_authenticate(3PAM), pam_start(3PAM), pam.conf(4), pam_authtok_check(5), pam_authtok_get(5), pam_authtok_store(5), pam_dhkeys(5), pam_passwd_auth(5), pam_unix(5), pam_unix_account(5), pam_unix_auth(5), pam_unix_session(5)

NOTES

 

The pam_unix(5) module might not be supported in a future release. Similar functionality is provided by pam_authtok_check(5), pam_authtok_get(5), pam_authtok_store(5), pam_dhkeys(5), pam_passwd_auth(5), pam_unix_account(5), pam_unix_auth(5), and pam_unix_session(5).


SunOS 5.9Go To TopLast Changed 17 Dec 2001

 
      
      
Copyright 2002 Sun Microsystems, Inc. All rights reserved. Use is subject to license terms.