Go to main content

Managing Kerberos and Other Authentication Services in Oracle® Solaris 11.3

Exit Print View

Updated: May 2019
 
 

How to Log In as a Role With Smart Card Authentication

Before You Begin

You are logged in to a PC or workstation that has a CCID-compliant smart card reader attached. The root account has its own certificate. In Step 3 in How to Configure PAM for 2FA With Smart Cards, you started to locate and map certificates for privileged users.

  1. Open a terminal window.
  2. Switch user to the role.

    In this example, you switch to the root role.

    $ su -

    The terminal displays the progress of smart card authentication.

    Smartcard authentication starts
    Smart card found.
    Welcome root!
  3. Type the smart card PIN.

    If you typed the correct PIN, a series of "verifying certificate" messages display, and you are logged in.

    Smart card PIN: nnnnnnnn
    verifying certificate
    verifying certificate 
    ...
    Oracle Corporation   SunOS 5.11
    You have new mail.
    root@server: ~#
  4. If you typed the wrong PIN, you are logged in as your username, not the role.
    Error 2320: Wrong smartcard PIN
    su: Authentication failed
    username@server: ~$

    To switch to the role, repeat the procedure.

  5. Type exit to log out of the session.