Use the application authentication property to designate which applications the user needs to log in to with a login name and password. The application authentication property is called a “user profile” in the Smartcard Console. For example, to require a smart card login to the desktop, specify dtlogin as the application associated with the login name and password on the card. You can also require a smart card login for an application specific to your site, such as a financial package or a personnel database. To require a smart card login for such an application, specify its name as the application property.
Before initializing an application on the card, find out which applications a user needs to access through smart card authentication. This step is particularly important when preparing a smart card for anyone who needs to log in to an application as root or another restricted login name.
PayFlex cards do not support multiple profiles. PayFlex cards cannot be used in cases where a user needs to log in to the desktop and to one or more secure applications. PayFlex cards cannot be used with multiple user names.
A000000062030400 – The SolarisAuthApplet applet
'$$$$java' – The default PIN for this card, which user Ed can change later
dtlogin – The application that requires the smart card login
ed – The name that Ed must provide to log in to the desktop
xx – The password that Ed must type to log in to the desktop
The preceding information would be typed on the command line, as follows:
# smartcard -c init -A A000000062030400 -P '$$$$java' application=dtlogin user=ed password=xx
When Ed inserts his card into the reader and tries to log in to the desktop (dtlogin), ocfserv reads the card to determine whether any authentication properties are associated with dtlogin. The ocfserv server finds that the user and password properties are associated with dtlogin.
The ocfserv server prompts Ed for his PIN. The typed PIN is compared with the PIN that is stored on the smart card that is assigned to the dtlogin application. Also, ocfserv uses the login name and password on Ed's card, along with the passwords in the system's password database, to verify that Ed is who he claims to be. If these properties match, Ed is logged in to the desktop.
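The planning step and the PayFlex limits described above can be checked before any card is initialized. The following shell function is an added example, not part of the Solaris Smartcard software; the card-type names payflex and other, the application:user notation, the payroll application name, and the <PIN> and <PASSWORD> placeholders are assumptions, as is issuing one init command per profile in the form shown above.

```shell
#!/bin/sh
# Added example: pre-flight check of the profiles planned for one card.
# Assumed for this sketch (not Solaris names): card types "payflex"/"other",
# the application:user notation, and the <PIN>/<PASSWORD> placeholders.
AID=A000000062030400    # SolarisAuthApplet AID, as given on the page

# check_plan CARD_TYPE application:user ...
# Prints findings, then one init command per profile when the plan is valid.
# Returns 0 when the plan fits the card, 1 otherwise.
check_plan() {
    card=$1; shift
    rc=0; n=0; nusers=0; users=""
    for p in "$@"; do
        case $p in
            ?*:?*) app=${p%%:*}; user=${p#*:} ;;
            *) echo "ERROR: '$p' is not application:user"; rc=1; continue ;;
        esac
        n=$((n + 1))
        case " $users " in              # count distinct login names
            *" $user "*) ;;
            *) users="$users $user"; nusers=$((nusers + 1)) ;;
        esac
        # Restricted login names deserve a second look before they go on a card.
        if [ "$user" = root ]; then
            echo "WARN: $app profile logs in as root"
        fi
    done
    if [ "$n" -eq 0 ]; then echo "ERROR: no profiles planned"; rc=1; fi
    if [ "$card" = payflex ] && [ "$n" -gt 1 ]; then
        echo "ERROR: PayFlex cards do not support multiple profiles ($n planned)"; rc=1
    fi
    if [ "$card" = payflex ] && [ "$nusers" -gt 1 ]; then
        echo "ERROR: PayFlex cards cannot be used with multiple user names"; rc=1
    fi
    if [ "$rc" -ne 0 ]; then return 1; fi
    # Keep the PIN in single quotes on the real command line: unquoted or in
    # double quotes, the shell expands "$$" (as in '$$$$java') to its own PID.
    for p in "$@"; do
        printf "smartcard -c init -A %s -P '<PIN>' application=%s user=%s password=<PASSWORD>\n" \
            "$AID" "${p%%:*}" "${p#*:}"
    done
    return 0
}

# Constructed sample plans: the first fits a PayFlex card, the second does not.
check_plan payflex dtlogin:ed
check_plan payflex dtlogin:ed payroll:root || true
```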