1pam_smartcard(5)      Standards, Environments, and Macros     pam_smartcard(5)
2
3
4

NAME

6       pam_smartcard - PAM authentication module for Smart Card
7

SYNOPSIS

9       /usr/lib/security/pam_smartcard.so
10
11

DESCRIPTION

13       The  Smart  Card  service  module for PAM, /usr/lib/security/pam_smart‐
14       card.so, provides functionality to obtain a user's information (such as
15       user  name  and password) for a smart card. The pam_smartcard.so module
16       is a shared object that can be dynamically loaded to provide the neces‐
17       sary  functionality  upon demand. Its path is specified in the PAM con‐
18       figuration file pam.conf. See pam.conf(4).
19
20   Smart Card Authentication Module
21       The Smart Card authentication component provides  the  pam_sm_authenti‐
22       cate(3PAM) function to verify the identity of a smart card user.
23
24
25       The  pam_sm_authenticate() function collects as user input the PIN num‐
26       ber. It passes this data back to its underlying layer, OCF, to  perform
27       PIN  verification.  If  verification  is successful, the module returns
28       PAM_SUCCESS, and passes the username and password from the  smart  card
29       to PAM modules stacked below.pam_smartcard.
30
31
32       The following options can be passed to the Smart Card service module:
33
34       debug      syslog(3C) debugging information at LOG_DEBUG level.
35
36
37       nowarn     Turn off warning messages.
38
39
40       verbose    Turn  on  verbose  authentication  failure  reporting to the
41                  user.
42
43
44   Smart Card Module Configuration
45       The PAM smart card module (pam_smartcard) can be configured in the  PAM
46       configuration file (/etc/pam.conf).  For example, the following config‐
47       uration on on the desktop (Common Desktop Environment) forces a user to
48       use a smart card for logging in.
49
50
51       The  following  are typical values set by 'smartcard -c enable', if the
52       command is applied to the default configuration.
53
54         dtlogin         auth requisite          pam_smartcard.so.1
55         dtlogin         auth required           pam_authtok_get.so.1
56         dtlogin         auth required           pam_dhkeys.so.1
57
58         dtsession       auth requisite          pam_smartcard.so.1
59         dtsession       auth required           pam_authtok_get.so.1
60         dtsession       auth required           pam_dhkeys.so.1
61
62

SEE ALSO

64       smartcard(1M),   libpam(3LIB),    pam(3PAM),    pam_authenticate(3PAM),
65       pam_start(3PAM), pam.conf(4), pam_authtok_check(5), pam_authtok_get(5),
66       pam_authtok_store(5),        pam_dhkeys(5),         pam_passwd_auth(5),
67       pam_unix_account(5), pam_unix_auth(5), pam_unix_session(5)
68

NOTES

70       The pam_unix(5) module is no longer supported. Similar functionality is
71       provided   by   pam_authtok_check(5),   pam_authtok_get(5),   pam_auth‐
72       tok_store(5),  pam_dhkeys(5),  pam_passwd_auth(5), pam_unix_account(5),
73       pam_unix_auth(5), and pam_unix_session(5).
74
75
76
77SunOS 5.11                        24 Oct 2002                 pam_smartcard(5)
Impressum