Solaris Smart Cards Administration Guide

OCF Server Properties Overview

This section provides an overview of ocfserv properties that you can change if the default properties do not suit your site. You might need to change these properties if:

See Chapter 7, Additional OCF Server and Client Configuration (Tasks) for step-by-step instructions on changing these properties.

The following sections describe each ocfserv property and provide the default value of each property. You can view these properties in the SmartCard Console or with the smartcard -c admin command.

Valid Smart Cards and Default Smart Card Server Properties

The ocf.server.default.validcards property specifies which smart card types are valid on the system. By default, all three smart card types are valid.

See "How to Change the Valid Smart Cards for the Server (Console)" for step-by-step instructions on changing this property.

The ocf.client.default.defaultcard property specifies to ocfserv which card is the default smart card. By default, Solaris Smart Cards has no default smart card.

See "How to Change the Default Smart Card for the Server (Console)" for step-by-step instructions on changing this property.

Supported Card Readers Property

The OpenCard.terminals property defines the card readers supported by the system. For example, for a system with a Sun SCRI External Card Reader 1, the value for OpenCard.terminals is:


OpenCard.terminals         = com.sun.opencard.terminal.scm.SCMStc.SCMStcCardTerminalFactory|MySCM|SunSCRI|dev/cua/b

Here OpenCard.terminals defines the Sun SCRI External Card Reader 1 as the currently configured reader. The smartcard -c admin command displays the OpenCard.terminals property only after you have added a card reader.

For instructions on adding a card reader, see Chapter 3, Setting Up a Card Reader (Tasks).

Open Card Services Property

The OpenCard.services property specifies the location of the card-specific modules. Each smart card type has the following modules defined:


OpenCard.services          = com.sun.opencard.service.cyberflex.CyberFlexServiceFactory com.sun.opencard.service.ibutton.IButtonServiceFactory com.sun.opencard.service.payflex.PayFlexServiceFactory

For instructions on activating or deactivating card services, see "How to Deactivate or Activate Card Services (Console)".

Private-Key Property

To use this feature of Solaris Smart Cards, you must have a public-key infrastructure (PKI) set up at your site. See "How to Create a Private Key on a Smart Card (Command Line)" for step-by-step instructions on creating a private key on a smart card.


Note - You can store only one private key on a smart card.


How the Private Key Property Works

After authenticating the PIN and password on the smart card, ocfserv copies the file specified in key_file_name to the smart card. Thereafter, the private key is available on the card for signing data as an additional form of authentication. When the user runs a command for signing data, such as amisign from AMI, the command uses the private key on the user's smart card to create the signed data.

Depending on your site's policies, you might want to delete the user's private-key file from the system where it is stored. Thereafter, the private key exists only on the user's smart card.

Additional OCF Server Properties

The following table describes properties that you should not change.

Table 6-1 Do Not Change These OCF Server Properties

Property Name          Property Definition

initializerlocations   The location of the Java Class directory containing the applet initializer:
                       initializerlocations = com.sun.opencard.cmd.IButtonInit

cardservicelocations   The location of the Java Class directory where the card service module is located:
                       cardservicelocations = com.sun.opencard.service.common

ocfserv.protocol       The TCP protocol used by ocfserv:
                       ocfserv.protocol = rpc

authservicelocations   The location of the Java Class directory containing the authentication module:
                       authservicelocations = com.sun.opencard.service.auth
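
One way to check a host against the settings described above, as an added example that is not part of the original guide or of Sun's software: the script compares saved property output with the Table 6-1 values, a site allowlist of card service factories, and the expected card reader. The "Name = value" input layout with wrapped values rejoined onto one line, the allowlist, the CHANGED value, and the com.example factory are assumptions made for the example.

```python
# Added example, not Sun's code. Assumes "Name = value" lines with wrapped values rejoined.
# Values that Table 6-1 says should not change.
FIXED = {
    "initializerlocations": "com.sun.opencard.cmd.IButtonInit",
    "cardservicelocations": "com.sun.opencard.service.common",
    "ocfserv.protocol": "rpc",
    "authservicelocations": "com.sun.opencard.service.auth",
}

# Constructed sample: page values, plus one altered fixed property and one
# hypothetical extra factory (com.example...) to show what the check reports.
SAMPLE = """\
OpenCard.services          = com.sun.opencard.service.cyberflex.CyberFlexServiceFactory com.example.card.ExtraServiceFactory
OpenCard.terminals         = com.sun.opencard.terminal.scm.SCMStc.SCMStcCardTerminalFactory|MySCM|SunSCRI|dev/cua/b
initializerlocations       = com.sun.opencard.cmd.IButtonInit
cardservicelocations       = com.sun.opencard.service.common
ocfserv.protocol           = CHANGED
authservicelocations       = com.sun.opencard.service.auth
"""

def parse_properties(text):
    """Return {name: value} from 'Name = value' lines, ignoring other lines."""
    props = {}
    for line in text.splitlines():
        name, sep, value = line.partition("=")
        if sep and name.strip():
            props[name.strip()] = value.strip()
    return props

def audit(props, allowed_services, expected_terminal=None):
    """Return sorted findings where props differ from the site baseline."""
    findings = []
    for name, expected in FIXED.items():
        if props.get(name) != expected:
            findings.append(f"{name}: expected {expected!r}, found {props.get(name)!r}")
    # OpenCard.services holds whitespace-separated factory class names.
    for factory in props.get("OpenCard.services", "").split():
        if factory not in allowed_services:
            findings.append(f"OpenCard.services: unexpected factory {factory}")
    # OpenCard.terminals is absent until a reader has been added.
    if props.get("OpenCard.terminals") != expected_terminal:
        findings.append(f"OpenCard.terminals: expected {expected_terminal!r}, "
                        f"found {props.get('OpenCard.terminals')!r}")
    return sorted(findings)

if __name__ == "__main__":
    baseline = {"com.sun.opencard.service.cyberflex.CyberFlexServiceFactory"}
    for finding in audit(parse_properties(SAMPLE), baseline):
        print(finding)
```

Leave expected_terminal as None on hosts that should have no reader configured, so that an unexpected OpenCard.terminals entry is reported.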