unixdev.net


Switch to SpeakEasy.net DSL

The Modular Manual Browser

Home Page
Manual: (SunOS-5.10)
Page:
Section:
Apropos / Subsearch:
optional field

pam_smartcard(5)      Standards, Environments, and Macros     pam_smartcard(5)



NAME
       pam_smartcard - PAM authentication module for Smart Card

SYNOPSIS
       /usr/lib/security/pam_smartcard.so

DESCRIPTION
       The  Smart  Card  service  module for PAM, /usr/lib/security/pam_smart-
       card.so, provides functionality to obtain a user's information (such as
       user  name  and password) for a smart card. The pam_smartcard.so module
       is a shared object that can be dynamically loaded to provide the neces-
       sary  functionality  upon demand. Its path is specified in the PAM con-
       figuration file pam.conf. See pam.conf(4).

   Smart Card Authentication Module
       The Smart Card authentication component provides  the  pam_sm_authenti-
       cate(3PAM) function to verify the identity of a smart card user.

       The  pam_sm_authenticate() function collects as user input the PIN num-
       ber. It passes this data back to its underlying layer, OCF, to  perform
       PIN  verification.  If  verification  is successful, the module returns
       PAM_SUCCESS, and passes the username and password from the  smart  card
       to PAM modules stacked below.pam_smartcard.

       The following options can be passed to the Smart Card service module:

       debug           syslog(3C) debugging information at LOG_DEBUG level.



       nowarn          Turn off warning messages.



       verbose         Turn on verbose authentication failure reporting to the
                       user.



   Smart Card Module Configuration
       The PAM smart card module (pam_smartcard) can be configured in the  PAM
       configuration file (/etc/pam.conf).  For example, the following config-
       uration on on the desktop (Common Desktop Environment) forces a user to
       use a smart card for logging in.

       The  following  are typical values set by 'smartcard -c enable', if the
       command is applied to the default configuration.

       dtlogin         auth requisite          pam_smartcard.so.1
       dtlogin         auth required           pam_authtok_get.so.1
       dtlogin         auth required           pam_dhkeys.so.1

       dtsession       auth requisite          pam_smartcard.so.1
       dtsession       auth required           pam_authtok_get.so.1
       dtsession       auth required           pam_dhkeys.so.1


SEE ALSO
       smartcard(1M),   libpam(3LIB),    pam(3PAM),    pam_authenticate(3PAM),
       pam_start(3PAM), pam.conf(4), pam_authtok_check(5), pam_authtok_get(5),
       pam_authtok_store(5),        pam_dhkeys(5),         pam_passwd_auth(5),
       pam_unix_account(5), pam_unix_auth(5), pam_unix_session(5)

NOTES
       The pam_unix(5) module is no longer supported. Similar functionality is
       provided   by   pam_authtok_check(5),   pam_authtok_get(5),   pam_auth-
       tok_store(5),  pam_dhkeys(5),  pam_passwd_auth(5), pam_unix_account(5),
       pam_unix_auth(5), and pam_unix_session(5).



SunOS 5.10                        24 Oct 2002                 pam_smartcard(5)