pam_smartcard(5)
NAME
pam_smartcard - PAM authentication module for Smart Card
SYNOPSIS
/usr/lib/security/pam_smartcard.so
DESCRIPTION
The Smart Card service module for PAM,
/usr/lib/security/pam_smartcard.so, provides functionality
to obtain a user's information (such as user name and pass-
word) for a smart card. The pam_smartcard.so module is a
shared object that can be dynamically loaded to provide the
necessary functionality upon demand. Its path is specified
in the PAM configuration file pam.conf. See pam.conf(4).
Smart Card Authentication Module
The Smart Card authentication component provides the
pam_sm_authenticate(3PAM) function to verify the identity of
a smart card user.
The pam_sm_authenticate() function collects as user input
the PIN number. It passes this data back to its underlying
layer, OCF, to perform PIN verification. If verification is
successful, the module returns PAM_SUCCESS, and passes the
username and password from the smart card to PAM modules
stacked below.pam_smartcard.
The following options can be passed to the Smart Card ser-
vice module:
debug sysolg(3C) debugging information at LOG_DEBUG level.
nowarn
Turn off warning messages.
verbose
Turn on verbose authentication failure reporting to
the user.
Smart Card Module Configuration
The PAM smart card module (pam_smartcard) can be configured
in the PAM configuration file (/etc/pam.conf). For example,
the following configuration on on the desktop (Common Desk-
top Environment) forces a user to use a smart card for log-
ging in.
The following are typical values set by 'smartcard -c
enable', if the command is applied to the default configura-
tion.
dtlogin auth requisite pam_smartcard.so.1
dtlogin auth required pam_authtok_get.so.1
dtlogin auth required pam_dhkeys.so.1
dtlogin auth required pam_unix_auth.so.1
dtsession auth requisite pam_smartcard.so.1
dtsession auth required pam_authtok_get.so.1
dtsession auth required pam_dhkeys.so.1
dtsession auth required pam_unix_auth.so.1
SEE ALSO
smartcard(1M), libpam(3LIB), pam(3PAM),
pam_authenticate(3PAM), pam_start(3PAM), pam.conf(4),
pam_authtok_check(5), pam_authtok_get(5),
pam_authtok_store(5), pam_dhkeys(5), pam_passwd_auth(5),
pam_unix(5), pam_unix_account(5), pam_unix_auth(5),
pam_unix_session(5)
NOTES
The pam_unix(5) module might not be supported in a future
release. Similar functionality is provided by
pam_authtok_check(5), pam_authtok_get(5),
pam_authtok_store(5), pam_dhkeys(5), pam_passwd_auth(5),
pam_unix_account(5), pam_unix_auth(5), and
pam_unix_session(5).
Man(1) output converted with
man2html