NAME | SYNOPSIS | DESCRIPTION | SEE ALSO | NOTES
/usr/lib/security/pam_smartcard.so
The Smart Card service module for PAM, /usr/lib/security/pam_smartcard.so, provides functionality to obtain a user's information (such as user name and password) for a smart card. The pam_smartcard.so module is a shared object that can be dynamically loaded to provide the necessary functionality upon demand. Its path is specified in the PAM configuration file pam.conf. See pam.conf(4).
The Smart Card authentication component provides the pam_sm_authenticate(3PAM) function to verify the identity of a smart card user.
The pam_sm_authenticate() function collects as user input the PIN number. It passes this data back to its underlying layer, OCF, to perform PIN verification. If verification is successful, the module returns PAM_SUCCESS, and passes the username and password from the smart card to PAM modules stacked below.pam_smartcard.
The following options can be passed to the Smart Card service module:
sysolg(3C) debugging information at LOG_DEBUG level.
Turn off warning messages.
Turn on verbose authentication failure reporting to the user.
The PAM smart card module (pam_smartcard) can be configured in the PAM configuration file (/etc/pam.conf). For example, the following configuration on on the desktop (Common Desktop Environment) forces a user to use a smart card for logging in.
The following are typical values set by 'smartcard -c enable', if the command is applied to the default configuration.
dtlogin auth requisite pam_smartcard.so.1 dtlogin auth required pam_authtok_get.so.1 dtlogin auth required pam_dhkeys.so.1 dtlogin auth required pam_unix_auth.so.1 dtsession auth requisite pam_smartcard.so.1 dtsession auth required pam_authtok_get.so.1 dtsession auth required pam_dhkeys.so.1 dtsession auth required pam_unix_auth.so.1
smartcard(1M), libpam(3LIB), pam(3PAM), pam_authenticate(3PAM), pam_start(3PAM), pam.conf(4), pam_authtok_check(5), pam_authtok_get(5), pam_authtok_store(5), pam_dhkeys(5), pam_passwd_auth(5), pam_unix(5), pam_unix_account(5), pam_unix_auth(5), pam_unix_session(5)
The pam_unix(5) module might not be supported in a future release. Similar functionality is provided by pam_authtok_check(5), pam_authtok_get(5), pam_authtok_store(5), pam_dhkeys(5), pam_passwd_auth(5), pam_unix_account(5), pam_unix_auth(5), and pam_unix_session(5).
NAME | SYNOPSIS | DESCRIPTION | SEE ALSO | NOTES