JavaScript is required to for searching.
Skip Navigation Links
Exit Print View
Solaris Smartcard Administration Guide
search filter icon
search icon

Document Information


1.  Solaris Smartcard Overview

What's New With Smartcard

Smartcard Features

Smartcard Requirements

Smartcard Login

Package Descriptions

Smartcard Man Pages

Loading the SolarisAuthApplet

Initializing a Smart Card

To Create User Information on a Smart Card (Command Line)

Defining Authentication Properties on a Smart Card

PIN Property

User and Password Properties

Application Property

Enabling Desktop Login With a Solaris Smartcard

To Enable Smartcard Usage (Command Line)

2.  Getting Started With Solaris Smartcard

3.  Adding or Removing a Card Reader

4.  Troubleshooting



Enabling Desktop Login With a Solaris Smartcard

The final step in setting up a desktop system is to enable the use of a Solaris Smartcard for desktop login. See To Enable Smartcard Usage (Command Line) for step-by-step instructions.

You cannot log in through dtlogin if you enable Smartcard and either of the following conditions is true:

If you enable Smartcard before you have set up a working smart-card configuration, you must first disable Smartcard. Do the following to disable Smartcard so that you can set up Smartcard for use:

  1. Log in to the system remotely with the ssh or rlogin command.

  2. Become superuser (root).

  3. Disable smart-card operations.

    # smartcard -c disable

To Enable Smartcard Usage (Command Line)

Use this procedure to enable Solaris Smartcard usage on a system. A user must use an accepted smart card for the system. A user might also need to type a PIN to log in to the system.

  1. Become superuser on each system to be used in Smartcard operations.
  2. Verify that the ocfserv daemon is enabled.

    The following command provides the status of the service.

    # svcs network/rpc/ocfserv

    Note - Before you make any changes to Smartcard, you must make sure that the ocfserv daemon is enabled.

  3. (Optional) If necessary, enable the ocfserv daemon.
    # svcadm enable network/rpc/ocfserv
  4. Stop the desktop.
    # /etc/init.d/dtlogin stop
  5. Enable Solaris Smartcard operations.
    # smartcard -c enable
  6. Restart the desktop.
    # /etc/init.d/dtlogin start

    Note - When CDE is configured for Smartcard login, /etc/pam.conf is modified to include pam_smartcard. For example, when smartcard -c enable is executed, the following lines are inserted at the top of the auth stacks for dtlogin and dtsession:

    dtlogin auth requisite
    dtsession auth requisite