Before performing the tasks in this section, you must have:
Configured at least one card reader for the system.
Activated card services on the system.
Decided on the default authentication mechanism to use at your site and the sequence in which each mechanism must occur.
Determined which applications running on the system must be protected by smart card login.
See "How to Start the SmartCard Console (Command Line)" for help on starting the SmartCard Console.
Select OCF Clients from the Navigation pane.
Double-click the CDE icon.
Select the Defaults folder.
Select Smart Card from the Available Resources list.
Select the radio button for the smart card that will serve as the default for the client. You can select only one default card type.
The card type you select for the default card type must also be defined as a valid card. See the "How to Change the Default Smart Card for the Server (Console)".
Click Apply or OK.
See "How to Start the SmartCard Console (Command Line)" for help on starting the SmartCard Console.
Select OCF Clients from the Navigation pane.
Double-click the CDE icon.
Select the Defaults folder.
Select Card Reader from the Available Resources list.
Select the radio button for the card reader that will serve as the default for the client. You can pick only one default card reader.
The card reader you choose must accommodate the default smart card you previously defined.
Click Apply or OK.
See "How to Start the SmartCard Console (Command Line)" for help on starting the SmartCard Console.
Select OCF Clients from the Navigation pane.
Double-click the CDE icon.
Select one or more valid smart card types on the Smart Cards Used list.
The card_name Authentications list shows PIN as the default authentication mechanism assigned by Solaris Smart Cards. The Tag column lists a lookup value assigned to the application.
Click Add to display a combo box.
Pull down on the arrow to display the authentication mechanisms active on the OCF server, and choose additional mechanisms as needed.
Repeat this procedure for each card type selected as a valid card.
Click Apply or OK.
Become superuser.
Change the default valid cards.
# smartcard -c admin -a default -x modify validcards="IButton | CyberFlex | PayFlex" |
IButton | CyberFlex | PayFlex |
Indicates any one or a combination of these values. |
For example, to define the valid smart card types as CyberFlex and Payflex for all applications, type:
# smartcard -c admin -a default -x modify validcards="CyberFlex Payflex" |
The application_name.authmechanism property enables you to assign an authentication mechanism to a particular application.
Become superuser on the system with the client properties you want to modify.
Assign a default smart card type to an application.
# smartcard -c admin -a application_name -x add defaultcard=card_name |
application_name |
Is the application for which you want to define a default smart card type. |
card_name |
Is the smart card type that must be used to log in to this application, either CyberFlex, PayFlex, or IButton. |
For example, to define iButton as the default card type for a system's desktop, type:
# smartcard -c admin -a dtlogin -x add defaultcard=IButton |
Thereafter, when you run smartcard -c admin, you see the following client properties:
dtlogin.defaultcard = IButton default.validcards = CyberFlex PayFlex |
See "How to Start the SmartCard Console (Command Line)" for help on starting the SmartCard Console.
Select OCF Clients from the Navigation pane.
Double-click the CDE icon.
Select the Timeouts folder.
Slide the indicator to change the amount of time for any of the following timeout values.
Card Removal Timeout
Re-authentication Timeout
Card Removal Logout Wait Timeout
See "Changing Client Application and Card Removal Timeouts" for a description of each value.
See "How to Start the SmartCard Console (Command Line)" for help on starting the SmartCard Console.
Select OCF Clients from the Navigation pane.
Double-click the CDE icon.
Select the Timeouts folder.
Enable or disable the following options:
Ignore Card Removal
Re-authenticate After Card Removal
See "Changing Client Application Behavior When a Card is Removed" for a description of each option.