Go to main content

Managing Authentication in Oracle® Solaris 11.4

Exit Print View

Updated: August 2019
 
 

Configuring libccid for Smart Card Readers

The default configuration of libccid is typically sufficient for smart card authentication. You might change the configuration during debugging.

The version of the library is in the Version field of the package information:

$ pkg info ccid
             Name: library/security/pcsc-lite/ccid
          Summary: Provides smart card reader drivers for pcsclite (PC/SC)
...
          Version: version

You can set the debug level and change the voltage level in Info.plist, the configuration file for the CCID driver. By default, it is installed in the /usr/lib/$ISA/pcsc/drivers/ifd-ccid.bundle/Contents directory.

The CCID driver uses the pcsclite debug function. Debug output goes to stdout or syslog depending on how you configure pcsclite debugging.

How to Configure and Debug libccid

Before You Begin

You must assume the root role. For more information, see Using Your Assigned Administrative Rights in Securing Users and Processes in Oracle Solaris 11.4.

  1. Set a useful debug level.

      The debug level is set in the ifdLogLevel field. It is a binary OR combination of four different levels:

    • 1 – Critical: Important error messages

    • 2 – Info: Informative messages such as which reader was detected

    • 4 – Comm: A dump of all the bytes exchanged between the host and the reader

    • 8 – Periodic: A periodic log (every 1/10 of a second) of activity during a pcscd test if a card is present

    By default the debug level is set to 3 (1 + 2) and corresponds to the critical and info levels.

  2. Set the voltage level to the tolerance of your smart card reader.

    Modify the ifdDriverOptions field.

      The voltage level is a binary OR combination of 4 different levels.

    • 0 – Power on the card at 5V (default value)

    • 16 – Power on the card at 3V, and if 3V fails then power on the card at 5V

    • 32 – Power on the card at 1.8V, then 3V, and then 5V

    • 48 – Let the smart card reader decide the voltage level

    By default the voltage level is set to 0 and corresponds to 5V.


    Caution

    Caution  -  If your smart card reader requires low voltage, the reader will burn out and destroy smart cards if you do not lower the voltage.


  3. Restart the driver to read the modified Info.plist settings.

    You have two options:

    • Unplug all CCID readers, which unloads the CCID driver. Then, plug them in again.
    • Or, you can restart the pcsc service daemon.
      # svcadm restart pcsc

Next Steps

You can also configure version numbers and USB device numbers in this file.