Content-type: text/html Man page of pam_smartcard

pam_smartcard

Section: Standards, Environments, and Macros (5)
Updated: 24 Oct 2002
Index Return to Main Contents
 

NAME

pam_smartcard - PAM authentication module for Smart Card  

SYNOPSIS

/usr/lib/security/pam_smartcard.so
 

DESCRIPTION

The Smart Card service module for PAM, /usr/lib/security/pam_smartcard.so, provides functionality to obtain a user's information (such as user name and password) for a smart card. The pam_smartcard.so module is a shared object that can be dynamically loaded to provide the necessary functionality upon demand. Its path is specified in the PAM configuration file pam.conf. See pam.conf(4).  

Smart Card Authentication Module

The Smart Card authentication component provides the pam_sm_authenticate(3PAM) function to verify the identity of a smart card user.

The pam_sm_authenticate() function collects as user input the PIN number. It passes this data back to its underlying layer, OCF, to perform PIN verification. If verification is successful, the module returns PAM_SUCCESS, and passes the username and password from the smart card to PAM modules stacked below.pam_smartcard.

The following options can be passed to the Smart Card service module:

debug syslog(3C) debugging information at LOG_DEBUG level.

nowarn Turn off warning messages.

verbose Turn on verbose authentication failure reporting to the user.

 

Smart Card Module Configuration

The PAM smart card module (pam_smartcard) can be configured in the PAM configuration file (/etc/pam.conf). For example, the following configuration on on the desktop (Common Desktop Environment) forces a user to use a smart card for logging in.

The following are typical values set by 'smartcard -c enable', if the command is applied to the default configuration.


dtlogin         auth requisite          pam_smartcard.so.1
dtlogin         auth required           pam_authtok_get.so.1
dtlogin         auth required           pam_dhkeys.so.1
 
dtsession       auth requisite          pam_smartcard.so.1 
dtsession       auth required           pam_authtok_get.so.1 
dtsession       auth required           pam_dhkeys.so.1 

 

SEE ALSO

smartcard(1M), libpam(3LIB), pam(3PAM), pam_authenticate(3PAM), pam_start(3PAM), pam.conf(4), pam_authtok_check(5), pam_authtok_get(5), pam_authtok_store(5), pam_dhkeys(5), pam_passwd_auth(5), pam_unix_account(5), pam_unix_auth(5), pam_unix_session(5)  

NOTES

The pam_unix(5) module is no longer supported. Similar functionality is provided by pam_authtok_check(5), pam_authtok_get(5), pam_authtok_store(5), pam_dhkeys(5), pam_passwd_auth(5), pam_unix_account(5), pam_unix_auth(5), and pam_unix_session(5).


 

Index

NAME
SYNOPSIS
DESCRIPTION
Smart Card Authentication Module
Smart Card Module Configuration
SEE ALSO
NOTES

This document was created by man2html, using the manual pages.
Time: 02:39:49 GMT, October 02, 2010