This chapter provides an overview of Solaris Smart Card features, supported smart cards and card readers, and planning information.
Solaris Smart Cards enables secure login to the Solaris desktop environment or other applications by using a smart card. Information stored on the smart card verifies the identity of the user during login. Users who cannot provide the same login information that is on the smart card are denied access to the application.
The Solaris Smart Cards software:

- Implements the open card framework (OCF) 1.1 standard for smart cards
- Supports a variety of card readers
- Supports three widely used smart cards
- Allows management from the SmartCard Console or the Solaris command line
- Protects login to the desktop environment or other applications, through use of the password, PIN, and challenge-response authentication methods
- Lets a user store security credentials directly onto the card (Java cards only)
You need the following to use the Solaris Smart Cards software:

- A SPARC system running the Solaris 8 release.
- A supported internal or external card reader and smart cards. See the next section for a list of supported smart cards and readers.
Solaris Smart Cards supports the following smart cards and card readers.
Table 1-1 Supported Smart Card Types
Smart cards let users log in to a secure desktop environment or protected application that otherwise would be closed to them. The following sequence explains what happens when someone logs in to a system protected by the default Smart Cards configuration:

1. The user inserts the card into the card reader attached to the system.
2. The user attempts to run a protected application, typically the Solaris desktop; other applications can be protected by smart cards, as well.
3. The application prompts the user to type the user's personal identification number (PIN), and then compares the typed PIN with the PIN stored on the card.
4. If the typed PIN and the PIN stored on the card match, the application then searches the password database specified in the system's /etc/nsswitch.conf file (NIS, NIS+, or local files) for this password.
5. If the application finds this password in the system's password database, it considers the user authenticated and logs in the user.
Before purchasing smart cards and card readers, consider your site's need for authenticated logins. Your site's reason for using smart cards might be:

- To keep systems in a particular department or domain secure from unauthorized access
- To limit access to a protected application to authorized users only
Before setting up a system for smart cards, you need to complete several preparatory tasks. Use the following checklist to verify that you have completed these tasks.
Table 1-2 Smart Card Planning Checklist
| Check When Done | Task Description |
|---|---|
| | 1. Determine the types of card readers and smart cards your site will use. See "Supported Smart Cards and Readers" for more information. |
| | 2. Identify the systems that need secure login through smart cards. |
| | 3. Identify the applications that must be protected by smart card authentication. |
| | 4. Obtain the login names of users who need smart cards. |
After you have reviewed the smart card planning checklist, use this task map to identify all the tasks for setting up a smart card. Each task in this map points to a series of additional tasks such as installing the Solaris 8 release, adding the card reader, and setting up a smart card.
Table 1-3 High-Level View of Setting a Smart Card (Task Map)
| Task | Description | Instructions |
|---|---|---|
| 1. Install the Solaris 8 software | Install the Solaris 8 release on all systems that will use smart cards. | |
| 2. Start the SmartCard Console | Start the SmartCard Console for performing smart card setup tasks. | |
| 3. Attach Card Reader | Physically attach and configure the card reader on each system that will use smart cards, unless you are using an internal card reader. | |
| 4. Set Up a Smart Card | Specify card-specific information and default authentication. Then enable smart card operations. | |
| 5. Configure Additional OCF Server and Client Authentication | Optional. Change the server and client properties if the default values do not suit your security needs. | Chapter 7, Additional OCF Server and Client Configuration (Tasks) |
The following table lists the Solaris Smart Cards packages added during a Solaris 8 installation.
Table 1-4 Solaris Smart Cards Packages
| Package Name | Description |
|---|---|
| SUNWjcom | Java Communications API for smart card support - Java code and Native code |
| SUNWjcomx | Java Communications API for smart card support - Native code (64-bit) |
| SUNWjib | Dallas Semiconductor serial iButton OCF Card Terminal Driver |
| SUNWocf | Open Card Framework - core libraries and utilities |
| SUNWocfr | Open Card Framework - configuration files |
| SUNWocfh | Open Card Framework - header files |
| SUNWocfx | Open Card Framework - core libraries (64-bit) |
| SUNWpamsc | Pluggable Authentication Module for smart card authentication |
| SUNWpamsx | Pluggable Authentication Module for smart card authentication (64-bit) |
| SUNWscgui | Solaris Smart Cards graphical user interface (GUI) |
| SUNWscmos | Pluggable Authentication Module for smart-card authentication |
| SUNWscmsc | Sun SCRI OCF Card Terminal Driver |
Should you need to remove a package, use the standard pkgrm command. Reinstall the package using the pkgadd command.
See "Software Administration (Tasks)" in the System Administration Guide, Volume 1 for information on using these commands.
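
The following pre-deployment check is an added example, not part of the original Sun documentation. It covers both the package table above and the login sequence earlier in the chapter: it reports which Table 1-4 packages are absent from `pkginfo` output and which password databases, in order, the `passwd:` line of nsswitch.conf will consult. The function names and the sample inputs are constructed for illustration.

```shell
# Added example. POSIX sh; on Solaris 8 run it under /usr/xpg4/bin/sh or ksh.

# Package names copied from Table 1-4.
SC_PACKAGES="SUNWjcom SUNWjcomx SUNWjib SUNWocf SUNWocfr SUNWocfh SUNWocfx
SUNWpamsc SUNWpamsx SUNWscgui SUNWscmos SUNWscmsc"

# missing_packages: reads `pkginfo` output on stdin (category, package
# instance, description) and prints each Table 1-4 package that is absent.
missing_packages() {
    installed=" $(awk '{ printf "%s ", $2 }')"
    for pkg in $SC_PACKAGES; do
        case "$installed" in
            *" $pkg "*) ;;
            *) printf '%s\n' "$pkg" ;;
        esac
    done
}

# passwd_sources: reads nsswitch.conf on stdin and prints the passwd databases
# in lookup order, dropping comments and [STATUS=action ...] criteria.
passwd_sources() {
    sed 's/#.*//' | awk '$1 == "passwd:" {
        skip = 0
        for (i = 2; i <= NF; i++) {
            if ($i ~ /^\[/) skip = 1
            if (!skip) print $i
            if ($i ~ /\]$/) skip = 0
        }
    }'
}

# Constructed sample inputs (not taken from a real host).
sample_pkginfo() {
    cat <<'EOF'
system      SUNWocf    Open Card Framework - core libraries and utilities
system      SUNWocfr   Open Card Framework - configuration files
system      SUNWpamsc  Pluggable Authentication Module for smart card authentication
system      SUNWscgui  Solaris Smart Cards graphical user interface (GUI)
EOF
}
sample_nsswitch() {
    cat <<'EOF'
passwd:     files nis [NOTFOUND=return]   # constructed sample line
group:      files
EOF
}

echo "Missing smart card packages:"; sample_pkginfo | missing_packages
echo "passwd lookup order:";         sample_nsswitch | passwd_sources
```

On a real system, feed the functions live data with `pkginfo | missing_packages` and `passwd_sources < /etc/nsswitch.conf`.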