GDM includes a graphical application that you can use to configure GDM. The following steps document how to disable remote login with this application:
To disable remote login
- Run /usr/bin/gdmsetup.
- Click the XDMCP tab.
- Verify that the Enabled XDMCP is not selected.
Note: Whether modifying the GDM configuration manually or by using /usr/bin/gdmsetup, you must restart GDM.
To perform smart card login by means of Gnome Display Manager (GDM)
- Insert your smart card.
- Enter your username or UPN at the Username: prompt, if required.
Note: GDM permits a null entry. An unspecified username allows the pam_vas_smartcard module to obtain the username from the smart card itself.
- Enter your PIN at the Password: prompt.
- Click the Login button.
The K Display Manager (KDM) is a PAM application providing graphical login. The following sections document how to configure and use KDM with smart card authentication.
To configure KDM for smart card
- Run the following command:
vastool smartcard configure pam kde
Unlike GDM, KDM presents both a Username: and a Password: prompt simultaneously to the user. You can not change these prompts. The prompt-vassc-user and prompt-vassc-pin options in the [pam_vas] section of vas.conf have no effect.
Note that KDM displays additional information from the Safeguard Authentication Services PAM module in a pop-up window, which only disappears when the user clicks OK. Thus, the prompt-style and show-token-status options are not recommended for KDM.