Before You Begin
You are logged in to a PC or workstation that has a CCID-compliant smart card reader attached. The root account has its own certificate. In Step 3 in How to Configure PAM for 2FA With Smart Cards, you started to locate and map certificates for privileged users.
In this example, you switch to the root role.
$ su -
The terminal displays the progress of smart card authentication.
Smartcard authentication starts Smart card found. Welcome root!
If you typed the correct PIN, a series of "verifying certificate" messages display, and you are logged in.
Smart card PIN: nnnnnnnn verifying certificate verifying certificate ... Oracle Corporation SunOS 5.11 You have new mail. root@server: ~#
Error 2320: Wrong smartcard PIN su: Authentication failed username@server: ~$
To switch to the role, repeat the procedure.