Additional Client Configuration Tasks

Before performing the tasks in this section, you must have:

• Configured at least one card reader for the system.

• Activated card services on the system.

• Decided on the default authentication mechanism to use at your site and the sequence in which each mechanism must occur.

• Determined which applications running on the system must be protected by smart card login.

How to Define the Default Smart Card for the Client (Console)

See "How to Start the SmartCard Console (Command Line)" for help on starting the SmartCard Console.

1. Select OCF Clients from the Navigation pane.

2. Double-click the CDE icon.

3. Select the Defaults folder.

4. Select Smart Card from the Available Resources list.

5. Select the radio button for the smart card that will serve as the default for the client. You can select only one default card type.

   ---

   Note -

   The card type you select for the default card type must also be defined as a valid card. See the "How to Change the Default Smart Card for the Server (Console)".

   ---

6. Click Apply or OK.

How to Define the Default Smart Card Reader for the Client (Console)

See "How to Start the SmartCard Console (Command Line)" for help on starting the SmartCard Console.

1. Select OCF Clients from the Navigation pane.

2. Double-click the CDE icon.

3. Select the Defaults folder.

4. Select Card Reader from the Available Resources list.

5. Select the radio button for the card reader that will serve as the default for the client. You can pick only one default card reader.

   ---

   Note -

   The card reader you choose must accommodate the default smart card you previously defined.

   ---

6. Click Apply or OK.

How to Change the Default Client Authentication Sequence for Valid Cards (Console)

See "How to Start the SmartCard Console (Command Line)" for help on starting the SmartCard Console.

1. Select OCF Clients from the Navigation pane.

2. Double-click the CDE icon.

3. Select one or more valid smart card types on the Smart Cards Used list.

   The card_name Authentications list shows PIN as the default authentication mechanism assigned by Solaris Smart Cards. The Tag column lists a lookup value assigned to the application.

4. Click Add to display a combo box.

5. Pull down on the arrow to display the authentication mechanisms active on the OCF server, and choose additional mechanisms as needed.

6. Repeat this procedure for each card type selected as a valid card.

7. Click Apply or OK.

How to Change the Valid Smart Cards for a Client Application (Command Line)

1. Become superuser.

2. Change the default valid cards.

   # smartcard -c admin -a default -x modify validcards="IButton | CyberFlex | PayFlex"

   IButton | CyberFlex | PayFlex

   Indicates any one or a combination of these values.

   For example, to define the valid smart card types as CyberFlex and Payflex for all applications, type:

   # smartcard -c admin -a default -x modify validcards="CyberFlex Payflex"

How to Assign a Default Smart Card to a Client Application (Command Line)

The application_name.authmechanism property enables you to assign an authentication mechanism to a particular application.

1. Become superuser on the system with the client properties you want to modify.

2. Assign a default smart card type to an application.

   # smartcard -c admin -a application_name -x add defaultcard=card_name

   application_name	Is the application for which you want to define a default smart card type.
   card_name	Is the smart card type that must be used to log in to this application, either CyberFlex, PayFlex, or IButton.

   For example, to define iButton as the default card type for a system's desktop, type:

   # smartcard -c admin -a dtlogin -x add defaultcard=IButton

   Thereafter, when you run smartcard -c admin, you see the following client properties:

   dtlogin.defaultcard = IButton default.validcards = CyberFlex PayFlex

How to Define Client Application and Card Removal Timeouts (Console)

See "How to Start the SmartCard Console (Command Line)" for help on starting the SmartCard Console.

1. Select OCF Clients from the Navigation pane.

2. Double-click the CDE icon.

3. Select the Timeouts folder.

4. Slide the indicator to change the amount of time for any of the following timeout values.

   • Card Removal Timeout

   • Re-authentication Timeout

   • Card Removal Logout Wait Timeout

   See "Changing Client Application and Card Removal Timeouts" for a description of each value.

How to Change the Client Application Behavior When a Card is Removed (Console)

See "How to Start the SmartCard Console (Command Line)" for help on starting the SmartCard Console.

1. Select OCF Clients from the Navigation pane.

2. Double-click the CDE icon.

3. Select the Timeouts folder.

4. Enable or disable the following options:

   • Ignore Card Removal

   • Re-authenticate After Card Removal

   See "Changing Client Application Behavior When a Card is Removed" for a description of each option.