Using a Smart Card

Language:

Caution - These procedures do not work with Sun Rays. For systems that are running SRS, follow the integrated Sun Ray smart card authentication procedures.

Smart cards use personal identification numbers (PINs) rather than passwords. The smart card is protected from misuse by the PIN, which is known only to the smart card's owner. To use the smart card, you insert the card in a smart card reader that is attached to a computer and, when prompted, type the PIN. The smart card can be used only by someone who possesses the smart card and knows the PIN.

For computer use, a CAC, PIV or X.509 certificate-based smart card should remain in the reader for the duration of the session. When the smart card is removed from the reader, the credentials are unavailable in the existing login session to any applications that require re-authentication.

Caution - Log out during periods of inactivity. An authenticated smart card is a secure trusted link into the server. To prevent a possible attack from your local system, you must log out or remove your smart card or CAC when not actively working.

The following tasks describe how to use the various entry points to a system to log in to Oracle Solaris with a smart card.

How to Log In From a Local Console With Smart Card Authentication
How to Log In as a Role With Smart Card Authentication
How to Log In Remotely by Using ssh With Smart Card Authentication
How to Use a Smart Card to ssh to a Remote GNOME Desktop
How to Use a Smart Card to Log In to Your Local GNOME Desktop
How to Authenticate With a Smart Card on a Screensaver