The main configuration tasks are to install the smartcard package that contains the software, configure PAM, connect the LDAP server to the software, add and configure the software providers, register the smart cards and test. The steps in order are as follows:
Install the smartcard package. If you are a U.S. Government organization, also install the pkcs11_cackey package – Installing Smart Card Packages.
Run the OpenSSH version of Secure Shell on the smart card server and the smart card clients – How to Use the OpenSSH Implementation of Secure Shell in Managing Secure Shell Access in Oracle Solaris 11.3.
(Optional) Review the pcsclite interface for communicating with smart cards – Using pcsclite for Smart Cards.
(Optional) Configure the ccid XML file if default configuration is insufficient – Configuring libccid for Smart Card Readers.
Configure a local or remote desktop for smart card users – Configuring a Desktop for Users With Smart Cards.
Create certificates and configure the OCSP responder for certificate validation Configuring OCSP Certificates for Smart Cards.
OCSP relies on the libpki module from Oracle Solaris to manage the PKI certificates that OCSP validates. You can skip this step if you are storing certificates and using CRLs locally.
Configure pam_pkcs11.conf to obtain X.509 certificate information from a smart card – How to Display a Smart Card's X.509 Certificate.
Configure PAM to use the pam_pkcs11 module – How to Configure PAM for 2FA With Smart Cards.
Register user smart cards and the root certificate with the ssh client – How to Configure the Secure Shell Client for Smart Cards.