To Create User Information on a Smart Card (Command Line)
Defining Authentication Properties on a Smart Card
2. Getting Started With Solaris Smartcard
The final step in setting up a desktop system is to enable the use of a Solaris Smartcard for desktop login. See To Enable Smartcard Usage (Command Line) for step-by-step instructions.
You cannot log in through dtlogin if you enable Smartcard and either of the following conditions is true:
You do not have a working smart card
You have not configured a smart card successfully
If you enable Smartcard before you have set up a working smart-card configuration, you must first disable Smartcard. Do the following to disable Smartcard so that you can set up Smartcard for use:
Log in to the system remotely with the ssh or rlogin command.
Become superuser (root).
Disable smart-card operations.
# smartcard -c disable
Use this procedure to enable Solaris Smartcard usage on a system. A user must use an accepted smart card for the system. A user might also need to type a PIN to log in to the system.
The following command provides the status of the service.
# svcs network/rpc/ocfserv
Note - Before you make any changes to Smartcard, you must make sure that the ocfserv daemon is enabled.
# svcadm enable network/rpc/ocfserv
# /etc/init.d/dtlogin stop
# smartcard -c enable
# /etc/init.d/dtlogin start
Note - When CDE is configured for Smartcard login, /etc/pam.conf is modified to include pam_smartcard. For example, when smartcard -c enable is executed, the following lines are inserted at the top of the auth stacks for dtlogin and dtsession:
dtlogin auth requisite pam_smartcard.so dtsession auth requisite pam_smartcard.so