Chapter 1 Solaris Smartcard Overview

This chapter provides an overview of Solaris Smartcard features, supported smart cards and card readers, and planning information:

• Smartcard Features

• Smartcard Requirements

• Smartcard Login

• Package Descriptions

• Smartcard Man Pages

Smartcard Features

A Solaris Smartcard provides a somewhat more secure method for logging in to the Solaris desktop environment than is provided by the standard UNIX login. Information stored on the smart card verifies the identity of the user during login. A user who cannot provide the login information that is on the smart card is denied access to the desktop. The Solaris Smartcard software:

• Implements the Smartcard framework, which is based on the OCF1.1 standard

• Supports a variety of card readers

• Supports three widely-used smart cards

• Allows management from the Solaris Smartcard Console or the Solaris command line

• Protects login to the desktop environment through PIN authentication and provides a screen lock via dtsession when a smart card is removed from the card reader

• Lets a user store security credentials directly onto the card (Java cards only)

Smartcard Requirements

To use the Solaris Smartcard software, you need:

• A SPARC system running the Solaris 8 or Solaris 9 operating environment.

• A supported internal or external card reader and smart cards.

Solaris Smartcard supports the following smart cards and card readers.

• Payflex card

• iButton card

• Cyberflex card

• Sun SCRI External Serial Card Terminal Reader

• Sun SCRI Internal Card Terminal Reader

• iButton External Serial Card Terminal Reader

Smartcard Login

Secure desktop environments can be protected by requiring users to log in with a configured Solaris Smartcard. The following sequence explains what happens in the login process:

1. The dtlogin daemon prompts the user to insert a smart card and then to enter a personal identification number (PIN).

2. The pam_smartcard module compares the entered PIN with the PIN stored on the card.

3. If the typed PIN and PIN stored on the card match, the username and password are read from the card and used to authenticate the user, based on the specified search order for passwd in /etc/nsswitch.conf.

Package Descriptions

The following table lists the Solaris Smartcard packages added during a Solaris 9 installation.

Table 1–1 Solaris Smartcard Packages

Package Name	Description
SUNWjcom	Java Communications API for smart card support - Java code and Native code
SUNWjcomx	Java Communications API for smart card support - Native code (64–bit)
SUNWjib	Dallas Semiconductor serial iButton OCF Card Terminal Driver
SUNWocf	Open Card Framework - core libraries and utilities
SUNWocfr	Open Card Framework - configuration files
SUNWocfh	Open Card Framework - header files
SUNWocfx	Open Card Framework - core libraries (64–bit)
SUNWpamsc	Pluggable Authentication Module for smart card authentication
SUNWpamsx	Pluggable Authentication Module for smart card authentication (64–bit)
SUNWscgui	Solaris Smartcard Console
SUNWscmos	Smart OS used by SCM card terminal driver
SUNWscmsc	Sun SCRI OCF Card Terminal Driver

To remove a package, use the standard pkgrm command. Reinstall the package using the pkgadd command.

See “Managing Software (Tasks)” in System Administration Guide: Basic Administration for information on using these commands.

Smartcard Man Pages

Refer to the following man pages for detailed information about Smartcard commands:

• ocfserv(1M)

• pam_smartcard(5)

• smartcard(1M)