Go to main content

Managing Kerberos and Other Authentication Services in Oracle^® Solaris 11.3

Exit Print View

» ...Documentation Home » Oracle Solaris 11.3 Information Library » Managing Kerberos and Other Authentication ... » Using Smart Cards for Multifactor ... » Configuring an Oracle Solaris System for Smart ... » Main Smart Card Configuration Tasks

Updated: May 2019

Managing Kerberos and Other Authentication Services in Oracle^® Solaris 11.3

Document Information

Using This Documentation

Chapter 1 Using Pluggable Authentication Modules

Chapter 2 Kerberos on Oracle Solaris

Chapter 3 Planning for the Kerberos Service

Chapter 4 Configuring the Kerberos Service

Chapter 5 Users Using Kerberos

Chapter 6 Using Simple Authentication and Security Layer

Chapter 7 Using Smart Cards for Multifactor Authentication in Oracle Solaris

Two-Factor Authentication and Smart Cards

About Two-Factor Authentication

Implementation of Two-Factor Authentication in Oracle Solaris

Configuring an Oracle Solaris System for Smart Card Login

Main Smart Card Configuration Tasks

Installing Smart Card Packages

Using pcsclite for Smart Cards

Configuring libccid for Smart Card Readers

Configuring a Desktop for Users With Smart Cards

Configuring OCSP Certificates for Smart Cards

Configuring PAM for Smart Cards

Configuring Secure Shell Clients for Smart Cards

Enabling an Oracle Solaris System for Smart Card Login

How to Enable Smart Card Authentication

Enabling Your Web Browser and Email to Use Your Smart Card

How to Download Smart Card Certificates for Web and Email Use

How to Configure Firefox to Use Your Smart Card for Authentication

How to Configure Thunderbird to Use Your Smart Card for Signing and Encrypting Emails

Using a Smart Card

How to Log In From a Local Console With Smart Card Authentication

How to Log In as a Role With Smart Card Authentication

How to Log In Remotely by Using ssh With Smart Card Authentication

How to Use a Smart Card to ssh to a Remote GNOME Desktop

How to Use a Smart Card to Log In to Your Local GNOME Desktop

How to Authenticate With a Smart Card on a Screensaver

Chapter 8 Using One-Time Passwords for Multifactor Authentication in Oracle Solaris

Chapter 9 Configuring Network Services Authentication

Authentication Services Glossary

Language:

Main Smart Card Configuration Tasks

The main configuration tasks are to install the smartcard package that contains the software, configure PAM, connect the LDAP server to the software, add and configure the software providers, register the smart cards and test. The steps in order are as follows:

Install the smartcard package. If you are a U.S. Government organization, also install the pkcs11_cackey package – Installing Smart Card Packages.
Run the OpenSSH version of Secure Shell on the smart card server and the smart card clients – How to Use the OpenSSH Implementation of Secure Shell in Managing Secure Shell Access in Oracle Solaris 11.3.
(Optional) Review the pcsclite interface for communicating with smart cards – Using pcsclite for Smart Cards.
(Optional) Configure the ccid XML file if default configuration is insufficient – Configuring libccid for Smart Card Readers.
Configure a local or remote desktop for smart card users – Configuring a Desktop for Users With Smart Cards.
Create certificates and configure the OCSP responder for certificate validation Configuring OCSP Certificates for Smart Cards.

OCSP relies on the libpki module from Oracle Solaris to manage the PKI certificates that OCSP validates. You can skip this step if you are storing certificates and using CRLs locally.
Configure pam_pkcs11.conf to obtain X.509 certificate information from a smart card – How to Display a Smart Card's X.509 Certificate.
Configure PAM to use the pam_pkcs11 module – How to Configure PAM for 2FA With Smart Cards.
Register user smart cards and the root certificate with the ssh client – How to Configure the Secure Shell Client for Smart Cards.

Copyright © 2002, 2019, Oracle and/or its affiliates. All rights reserved.