Solaris Smart Cards Administration Guide

Troubleshooting Smart Card Operations

See the sections below if you have trouble logging in with your smart card.

Setting Up Debugging Properties

You can debug smart card operations on a system by setting the debugging properties. Solaris Smart Cards offers standard debugging and a detailed trace of your operations, if specified.

If enabled, debugging information is logged to a file. You can control the level and amount of debugging information on a scale of 0 to 9. Debugging is disabled by default.

How to Enable Debugging (Console)

Use the Debug folder if you want to set up the ocfserv debugging property. Setting up debugging is optional.

  1. Select OCF Server from the Navigation pane.

  2. Double-click the icon representing the local system.

  3. Select the Debug folder.

  4. Slide the indicator for the OCF Debug Level slider to the right to indicate the level of debugging you want on the OCF Server.

  5. Slide the indicator for the Open Card Trace Level slider to the right to indicate the trace level you want on the OCF Server.

  6. (Optional) Specify an alternate name for the debug file.

    1. Click Browse to view the file systems on the system.

    2. Type the fully qualified path name for the debug file in the OCF Debug File Location field.

  7. Click Apply or OK.

  8. If you are prompted to restart ocfserv, press Don't Restart OCF.

Enabling Debugging From the Command Line

The following debugging properties are defined for ocfserv by default:

debugging.filename        = /var/run/ocf.log
debugging                 = 0
OpenCard.trace            = com.sun:9 opencard.core:9

Note - If you are running a previous Solaris 8 release, the debugging log file might be called /tmp/ocf_debugfile.

debugging.filename = /var/run/ocf.log

Is the name of the file to contain debugging information.

debugging = 0

Means that debugging is disabled. Debugging is enabled if debugging = 1.

OpenCard.trace = com.sun:9 opencard.core:9

Is the OpenCard trace level.

How to Enable Debugging (Command Line)

Use the following procedure to enable smart card debugging.

  1. Become superuser.

  2. Enable smart card debugging by setting debugging=1.

    # smartcard -c admin -x modify debugging=1

    In the following example, the location of the ocfserv debugging file is changed by specifying the -x modify debugging.filename option and a fully qualified file name for the debugging file.

    # smartcard -c admin -x modify debugging.filename=/var/tmp/sc.debug
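A check to run after the procedure above, as an added example that is not part of the original guide: written for a POSIX sh, it reads a property listing and reports whether debugging is still enabled, whether the debug file sits under /tmp or /var/tmp, and the highest trace level. It assumes the listing uses the name = value layout shown earlier on this page; prop, audit_ocf_debug and sample_after_modify are names made up for this example.

```sh
#!/bin/sh
# Added example (not from the guide): audit ocfserv debugging properties.
# Assumes one "name = value" property per line, as in the listing on this page.

# prop NAME LISTING: print the last value assigned to property NAME.
prop() {
    key=$(printf '%s' "$1" | sed 's/\./\\./g')   # match dots literally
    printf '%s\n' "$2" |
        sed -n "s/^[[:space:]]*$key[[:space:]]*=[[:space:]]*//p" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# audit_ocf_debug: read a listing on stdin, print one finding per line.
audit_ocf_debug() {
    listing=$(cat)
    enabled=$(prop debugging "$listing")
    logfile=$(prop debugging.filename "$listing")
    trace=$(prop OpenCard.trace "$listing")

    if [ "$enabled" != "1" ]; then
        echo "OK   debugging is disabled"
        return 0
    fi
    echo "WARN debugging=1, output goes to ${logfile:-unset}"
    case $logfile in
        /tmp/*|/var/tmp/*)
            echo "WARN $logfile is in a directory any local user can write to" ;;
    esac
    # Highest level among the "package:level" pairs of OpenCard.trace.
    max=0
    for pair in $trace; do
        level=${pair##*:}
        case $level in
            [0-9]) if [ "$level" -gt "$max" ]; then max=$level; fi ;;
        esac
    done
    echo "INFO highest OpenCard.trace level: $max"
}

# Constructed sample: the properties after the two modify commands above.
sample_after_modify() {
    cat <<'EOF'
debugging.filename        = /var/tmp/sc.debug
debugging                 = 1
OpenCard.trace            = com.sun:9 opencard.core:9
EOF
}

sample_after_modify | audit_ocf_debug
```

To audit a live system, save the property listing to a file and feed it to audit_ocf_debug on standard input. Once troubleshooting is finished, set debugging back to 0 with the same -x modify syntax.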

How to Disable Smart Card Operations (Command Line)

You might need to disable smart card operations on a system if a smart card configuration error does not allow a user to log in with a smart card, or if a system no longer needs a smart card login.

  1. Become superuser.

  2. Bring the system to single-user mode.

    # shutdown -g180 -y

  3. Disable smart card operations.

    # smartcard -c disable

  4. Bring the system up to multiuser mode and return to the desktop environment.

    Entering System Maintenance Mode
    Sun Microsystems Inc.   SunOS 5.8       Generic February 2000
    # (Press Control-D)
    ENTER RUN LEVEL (0-6, s or S) [3]: 3

How to Resolve Smart Card Configuration Problems

The /etc/smartcard/ file stores important smart card configuration information. This file requires no administration and should not be edited manually. However, if you inadvertently introduced a problem in your smart card configuration by using either the SmartCard Console or the command line, you can restore the previous version of the /etc/smartcard/ file from the command line.

  1. Become superuser.

  2. Change to the /etc/smartcard directory.

  3. Save the current version first.

    #  cp

  4. Copy the previous version to the current version.

    # cp

How to Resolve Applet Downloading Problems

  1. If you see the following message while trying to download the applet on the card, it is possible that you have not added the ATR of the smart card inserted in the reader to the list of valid ATRs the system can accept.

  2. Try updating the card's ATR by following the procedure in "How to Add or Change the ATR on a Smart Card (Console)".

How to Resolve Missing Smart Card ATR Problems

When you try to add the smart card by using the SmartCard Console, a screen displays the ATR of the card inserted in the reader. If the ATR displayed does not exist in the list of valid ATRs, add the ATR to the card-name.ATR property.

See "How to Add or Change the ATR on a Smart Card (Console)" for more information.

Example--Adding a Missing ATR of a Smart Card (Command Line)

Display ocfserv properties to see if the card_name.ATR property exists.

# smartcard -c admin

For example, ocfserv lists a property MySCM.0.ATR, where MySCM is the user-friendly name of the card reader. This property reflects the ATR of the smart card inserted in the reader. This property is temporary and is added by ocfserv only for the time the card is in the reader. This property is removed when the card is removed.

Add this ATR to the card_name.ATR property if the ATR displayed by this property does not exist in the list of valid ATRs.
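The comparison described above, as an added example that is not part of the original guide: a POSIX sh function that reads a saved property listing and reports whether the ATR in the temporary reader property is already in the card's list of valid ATRs. The name = value layout and a whitespace-separated ATR list are assumptions; MyCard, atr_status, sample_listing and the ATR values are made up for this example.

```sh
#!/bin/sh
# Added example (not from the guide): compare the ATR that the reader reports
# with the card's list of valid ATRs, using a saved property listing.
# Assumptions: "name = value" lines; the ATR list is whitespace-separated hex.

# atr_status READER_ATR_PROPERTY CARD_ATR_PROPERTY   (listing on stdin)
# Prints "valid ATR", "missing ATR", or "no-card" when the temporary
# reader property is absent (no card in the reader).
atr_status() {
    awk -v rprop="$1" -v cprop="$2" '
        {
            eq = index($0, "=")
            if (eq == 0) next                      # not a property line
            name = substr($0, 1, eq - 1)
            gsub(/[ \t]/, "", name)
            val = toupper(substr($0, eq + 1))      # compare hex case-insensitively
            if (name == cprop) valid = val
            if (name == rprop) { gsub(/[ \t]/, "", val); seen = val }
        }
        END {
            if (seen == "") { print "no-card"; exit }
            n = split(valid, list, /[ \t]+/)
            for (i = 1; i <= n; i++)
                if (list[i] == seen) { print "valid " seen; exit }
            print "missing " seen
        }'
}

# Constructed sample: MyCard is a hypothetical card name, and the ATR values
# are made up. MySCM.0.ATR is the temporary reader property described above.
sample_listing() {
    cat <<'EOF'
MyCard.ATR                = 3B0000000000AA01 3B0000000000AA02
MySCM.0.ATR               = 3B0000000000BB07
EOF
}

sample_listing | atr_status MySCM.0.ATR MyCard.ATR
```

A "missing" result means the ATR shown by the reader property still has to be added to the card's ATR property; "no-card" means the temporary property was not in the listing, so check that the card is inserted before capturing it.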

How to Resolve Smart Card Login Problems

After you have enabled smart card operations and logged off the system, the CDE login screen displays the following prompt:

Please insert SmartCard

  1. If you are unable to log in to your system using a smart card because of smart card setup problems, try logging in remotely with the rlogin or telnet commands.

  2. Become superuser, then attempt to disable smart card operations, rather than try to re-install the system first.

    After smart card operation is disabled, the CDE screen displays the following prompt:

    Enter User Name