Solaris Smartcard Administration Guide

Setting Timeout and Card Removal Actions

If you don't want to use the default values for Smartcard timeouts and card removal actions, you can change the values. The procedures for changing the values are described in the following sections.

ProcedureTo Set Smartcard Timeouts (Console)

Steps
  1. Verify that the ocfserv daemon is enabled.

    The following command provides the status of the service.


    % svcs network/rpc/ocfserv
    

    Note –

    Before you make any changes to Smartcard, you must make sure that the ocfserv daemon is enabled.


  2. (Optional) If necessary, as root, enable the ocfserv daemon.


    # svcadm enable network/rpc/ocfserv
    
  3. Select OCF Clients in the Navigation pane.

  4. Select the Desktops icon in the Console pane.

  5. Choose Properties in the Action menu.

  6. Select the Timeouts tab in the dialog box.

    The Configure Clients dialog box is displayed.

  7. Select the Timeouts tab in the Configure Clients dialog box.

  8. Adjust the timeouts by using the mouse to slide the indicator for each timeout.

    • Card Removal Timeout – Specifies the number of seconds the desktop waits after a smart card is removed before locking the screen. The card removal timeout only applies if the “Ignore Card Removal” box is not checked under the options tab. If Card Removal Logout Wait is set to 0, a user is never logged out. The screen remains locked until the user reauthenticates to unlock the screen.

    • Reauthentication Timeout – Specifies the number of seconds the Reauthentication screen is displayed when the card has been removed. At the end of the specified time, the screen is locked.

    • Card Removal Logout Wait Timeout – Specifies the number of seconds the desktop waits for a smart card to be reinserted when the Reauthentication screen is displayed. If the card is not reinserted in time, the user is logged out. Note that this timeout is relevant only if Reauthenticate After Card Removal—in the Options tab—is set to False.

  9. Click the Apply or OK button.

  10. Exit CDE to activate the change.

ProcedureTo Set Card Removal Options (Console)

Steps
  1. Verify that the ocfserv daemon is enabled.

    The following command provides the status of the service.


    % svcs network/rpc/ocfserv
    

    Note –

    Before you make any changes to Smartcard, you must make sure that the ocfserv daemon is enabled.


  2. (Optional) If necessary, as root, enable the ocfserv daemon.


    # svcadm enable network/rpc/ocfserv
    
  3. Select OCF Clients in the Navigation pane.

  4. Select the Desktop icon in the Console pane.

  5. Choose Properties in the Action menu.

    The Configure Clients dialog box is displayed.

  6. Select the Options tab in the dialog box.

  7. Click the checkboxes to toggle between on or off.

    • Ignore Card Removal – If checked, nothing happens when a smart card is removed from the reader.

    • Reauthenticate After Card Removal – If checked, a user is logged out when a card is removed. If Reauthenticate is not checked, the Card Removal Logout Wait setting—in the Timeouts tab—determines what happens.

  8. Click the Apply or OK button.

  9. Exit CDE to activate the change.