Enabling Solaris Smartcard Desktop Login

The final step in setting up a desktop system is to enable desktop login using Solaris Smartcard. See To Enable Smartcard Usage (Command Line) for step-by-step instructions.

You cannot log in through dtlogin if you enable Smartcard and either of the following conditions is true:

• You do not have a working smart card, or

• You have not configured a smart card successfully

If you enable Smartcard before you have set up a working smart card configuration, do the following to disable Smartcard so that you can set up Smartcard for use:

1. Log in in to the system remotely with the ssh or rlogin command.

2. Become superuser (root).

3. Disable smart card operations.

   # smartcard -c disable

To Enable Smartcard Usage (Command Line)

Do the following to enable Solaris Smartcard usage on a system. A user must use an accepted smart card for the system and might need to type a PIN to successfully log in to this system after the desktop is enabled for Smartcard.

1. Become superuser on each system to be used in Smartcard operations.

2. Stop the desktop.

   # /etc/init.d/dtlogin stop

3. Turn on Solaris Smartcard operations.

   # smartcard -c enable

4. Restart the desktop.

   # /etc/init.d/dtlogin start

   ---

   Note –

   When CDE is configured for Smartcard login, /etc/pam.conf is modified to include pam_smartcard. For example, when smartcard -c enable is executed, the following lines are inserted at the top of the auth stacks for dtlogin and dtsession:

   dtlogin auth requisite pam_smartcard.so dtsession auth requisite pam_smartcard.so

   ---