Go to main content

Managing Kerberos and Other Authentication Services in Oracle^® Solaris 11.3

Exit Print View

» ...Documentation Home » Oracle Solaris 11.3 Information Library » Managing Kerberos and Other Authentication ... » Using Smart Cards for Multifactor ... » Using a Smart Card » How to Log In as a Role With Smart Card ...

Updated: May 2019

Managing Kerberos and Other Authentication Services in Oracle^® Solaris 11.3

Document Information

Using This Documentation

Chapter 1 Using Pluggable Authentication Modules

Chapter 2 Kerberos on Oracle Solaris

Chapter 3 Planning for the Kerberos Service

Chapter 4 Configuring the Kerberos Service

Chapter 5 Users Using Kerberos

Chapter 6 Using Simple Authentication and Security Layer

Chapter 7 Using Smart Cards for Multifactor Authentication in Oracle Solaris

Two-Factor Authentication and Smart Cards

About Two-Factor Authentication

Implementation of Two-Factor Authentication in Oracle Solaris

Configuring an Oracle Solaris System for Smart Card Login

Main Smart Card Configuration Tasks

Installing Smart Card Packages

Using pcsclite for Smart Cards

Configuring libccid for Smart Card Readers

Configuring a Desktop for Users With Smart Cards

Configuring OCSP Certificates for Smart Cards

Configuring PAM for Smart Cards

Configuring Secure Shell Clients for Smart Cards

Enabling an Oracle Solaris System for Smart Card Login

How to Enable Smart Card Authentication

Enabling Your Web Browser and Email to Use Your Smart Card

How to Download Smart Card Certificates for Web and Email Use

How to Configure Firefox to Use Your Smart Card for Authentication

How to Configure Thunderbird to Use Your Smart Card for Signing and Encrypting Emails

Using a Smart Card

How to Log In From a Local Console With Smart Card Authentication

How to Log In as a Role With Smart Card Authentication

How to Log In Remotely by Using ssh With Smart Card Authentication

How to Use a Smart Card to ssh to a Remote GNOME Desktop

How to Use a Smart Card to Log In to Your Local GNOME Desktop

How to Authenticate With a Smart Card on a Screensaver

Chapter 8 Using One-Time Passwords for Multifactor Authentication in Oracle Solaris

Chapter 9 Configuring Network Services Authentication

Authentication Services Glossary

Language:

How to Log In as a Role With Smart Card Authentication

Before You Begin

You are logged in to a PC or workstation that has a CCID-compliant smart card reader attached. The root account has its own certificate. In Step 3 in How to Configure PAM for 2FA With Smart Cards, you started to locate and map certificates for privileged users.

Open a terminal window.
Switch user to the role.
In this example, you switch to the root role.
```
$ su -
```
The terminal displays the progress of smart card authentication.
```
Smartcard authentication starts
Smart card found.
Welcome root!
```
Type the smart card PIN.
If you typed the correct PIN, a series of "verifying certificate" messages display, and you are logged in.
```
Smart card PIN: nnnnnnnn
verifying certificate
verifying certificate 
...
Oracle Corporation   SunOS 5.11
You have new mail.
root@server: ~#
```
If you typed the wrong PIN, you are logged in as your username, not the role.
```
Error 2320: Wrong smartcard PIN
su: Authentication failed
username@server: ~$
```
To switch to the role, repeat the procedure.
Type exit to log out of the session.

Copyright © 2002, 2019, Oracle and/or its affiliates. All rights reserved.