pam_smartcard(5)




NAME

     pam_smartcard - PAM authentication module for Smart Card


SYNOPSIS

     /usr/lib/security/pam_smartcard.so


DESCRIPTION

     The    Smart    Card     service     module     for     PAM,
     /usr/lib/security/pam_smartcard.so,  provides  functionality
     to obtain a user's information (such as user name and  pass-
     word)  for  a  smart  card. The pam_smartcard.so module is a
     shared object that can be dynamically loaded to provide  the
     necessary  functionality  upon demand. Its path is specified
     in the PAM configuration file pam.conf. See pam.conf(4).

  Smart Card Authentication Module
     The  Smart  Card  authentication  component   provides   the
     pam_sm_authenticate(3PAM) function to verify the identity of
     a smart card user.

     The pam_sm_authenticate() function collects  as  user  input
     the  PIN  number. It passes this data back to its underlying
     layer, OCF, to perform PIN verification. If verification  is
     successful,  the  module returns PAM_SUCCESS, and passes the
     username and password from the smart  card  to  PAM  modules
     stacked below.pam_smartcard.

     The following options can be passed to the Smart  Card  ser-
     vice module:

     debug sysolg(3C) debugging information at LOG_DEBUG level.

     nowarn
           Turn off warning messages.

     verbose
           Turn on verbose authentication  failure  reporting  to
           the user.

  Smart Card Module Configuration
     The PAM smart card module (pam_smartcard) can be  configured
     in the PAM configuration file (/etc/pam.conf).  For example,
     the following configuration on on the desktop (Common  Desk-
     top  Environment) forces a user to use a smart card for log-
     ging in.

     The following  are  typical  values  set  by  'smartcard  -c
     enable', if the command is applied to the default configura-
     tion.

     dtlogin         auth requisite          pam_smartcard.so.1
     dtlogin         auth required           pam_authtok_get.so.1
     dtlogin         auth required           pam_dhkeys.so.1
     dtlogin         auth required           pam_unix_auth.so.1

     dtsession       auth requisite          pam_smartcard.so.1
     dtsession       auth required           pam_authtok_get.so.1
     dtsession       auth required           pam_dhkeys.so.1
     dtsession       auth required           pam_unix_auth.so.1


SEE ALSO

     smartcard(1M),           libpam(3LIB),            pam(3PAM),
     pam_authenticate(3PAM),     pam_start(3PAM),    pam.conf(4),
     pam_authtok_check(5),                    pam_authtok_get(5),
     pam_authtok_store(5),   pam_dhkeys(5),   pam_passwd_auth(5),
     pam_unix(5),     pam_unix_account(5),      pam_unix_auth(5),
     pam_unix_session(5)


NOTES

     The pam_unix(5) module might not be supported  in  a  future
     release.    Similar    functionality    is    provided    by
     pam_authtok_check(5),                    pam_authtok_get(5),
     pam_authtok_store(5),   pam_dhkeys(5),   pam_passwd_auth(5),
     pam_unix_account(5),          pam_unix_auth(5),          and
     pam_unix_session(5).


Man(1) output converted with man2html