Safeguard Authentication Services for Smart Cards requires that you:
-
Enable smart card log on support for Active Directory.
-
Initialize your card using vendor supplied software.
-
Use your card to enroll for a smart card certificate with your Certificate Authority.
Ensure that you can use this card to log on to a Windows workstation before attempting to use it to log in with Safeguard Authentication Services for Smart Cards.
Safeguard Authentication Services for Smart Cards is bundled as a separate installation package on the Safeguard Authentication Services Installation media.
To install Safeguard Authentication Services for Smart Cards on a supported platform, run the Safeguard Authentication Services installation script, as follows:
# ./install.sh vasclnt vassc
NOTE: If Safeguard Authentication Services is already installed, you can omit the "vasclnt" argument.
Configuring Safeguard Authentication Services for Smart Cards
Safeguard Authentication Services for Smart Cards interfaces with the smart card and the smart card reader using the vendor’s PKCS#11 driver. This is a shared library implementing a standard interface supported by most card vendors for accessing the cryptographic functions of smart cards and tokens.
NOTE: Safeguard Authentication Services for Smart Cards is derived from the RSA Security Inc. PKCS#11 Cryptographic Token Interface (Cryptoki).
Safeguard Authentication Services for Smart Cards requires that you configure Safeguard Authentication Services with the location of your vendor's PKCS#11 driver. If the driver is not configured you will be unable to use some smart card functions and it displays an error similar to this:
vastool smartcard info card
ERROR: no PKCS#11 library specified in vas.conf
To configure Safeguard Authentication Services you need to know the location of your vendor's PKCS#11 shared library on the file system. Consult your vendor documentation for this information.
NOTE: You can specify the location of the PKCS#11 using either the full path to the PKCS#11 shared library or a path relative to the appropriate pkcs11 library subdirectory under /opt/quest for your architecture. For example, /opt/quest/lib/pkcs11 on x86 Linux systems. See Configuring the PKCS#11 library for 32-bit and 64-bit versions.
Example
The Gemalto 5.1 Drivers for Red Hat Linux on x86 platforms are installed in /usr/local/lib/libxltCk.so.