Default Authentication for Client Applications

You set up authentication on the local system so it denies access to anyone who does not have the corresponding authentication mechanisms on the smart card. The server's authentication mechanisms are the default mechanisms used by ocfserv during smart card login.

If the user tries to access a client application with a different sequence set, ocfserv uses the client authentication mechanisms during login.

ocfserv authentication mechanisms must be activated before you can configure client authentication properties. By default, all authentication mechanisms supported by Solaris Smart Cards are activated when the Solaris 8 release is installed. These mechanisms are:

• Password

• PIN

• Challenge-Response

You must define properties for the default smart cards and the default authentication sequence used by the individual OCF client application. You protect sensitive applications running on the local system by configuring them to require login with a smart card. The default application to be protected is dtlogin, the application that controls logging into the Common Desktop Environment (CDE).

An application does not need to have the same authentication sequence as ocfserv. The client authentication sequence takes precedence over a different authentication sequence assigned to ocfserv. For example, you can configure "password" as the default authentication mechanism for ocfserv. However, you might want to add "PIN authentication" into the authentication sequence for anyone trying to access a client application, such as the Solaris desktop.

See "How to Set Up the Default Authentication Mechanism for the Server and Client Applications (Command Line)" for step-by-step instructions on setting this property from the command line.