Safeguard Authentication Services 5.0.2 - Authentication Services for Smart Cards Administration Guide

If you have multiple readers, or your card reader supports multiple slots, your vendor's PKCS#11 library may require you to specify the card slot with which you will be using to log in. If you do not specify a slot, Safeguard Authentication Services for Smart Cards will probe for the first available slot. Typically, you will not need to configure this option. For more details on which slot number to configure consult your vendor's PKCS#11 documentation.

If the slot is not specified correctly then some smart card functions may return an error, for example:

vastool smartcard info card
ERROR: smart card is not present in slot

Configuring the card slot using VASTOOL

Configuring Safeguard Authentication Services for Smart Cards > Configuring the card slot for your PKCS#11 library > Configuring the card slot using VASTOOL

To configure the location of the PKCS#11 library using vastool

Run the command:

vastool smartcard configure pkcs11 slot \
<slot-id>

where <slot-id> is the card slot.

Note: You can remove the PKCS#11 slot from the configuration by running the vastool smartcard unconfigure pkcs11 slot command.

Configuring the vendor's PKCS#11 slot by editing the configuration file

Configuring Safeguard Authentication Services for Smart Cards > Configuring the card slot for your PKCS#11 library > Configuring the vendor's PKCS#11 slot by editing the configuration file

You can manually configure the location of the vendor's PKCS#11 card slot by editing the setting in the /etc/opt/quest/vas.conf file.

To configure the location of the PKCS#11 card slot in vas.conf

Log in and open a root shell.
Open the /etc/opt/quest/vas/vas.conf file in the editor of your choice.
Locate the [pkcs11] section (or add one if not present), and add the following:
```
pkcs11-slot = <slot-id>
```
where <slot-id> is the number of the slot you want to use to log in.

Note: Remember that specifying a slot id is optional. Safeguard Authentication Services for Smart Cards will probe for an available slot if a slot id is not specified.

Configuring PAM applications for smart card login

Configuring Safeguard Authentication Services for Smart Cards > Configuring PAM applications for smart card login

To integrate Safeguard Authentication Services for Smart Cards with existing applications you need to configure PAM. This section describes in detail how to configure the pam_vas_smartcard module for different scenarios, and gives recommendations for which options works well with some common login applications. The following topics are discussed:

Security issues when configuring smart card login
Usability issues when configuring smart card login
Configuring PAM for smart card only login
Configuring PAM for smart card and password login
Configuring GDM
Configuring KDM
Configuring XDM
Configuring Console Login
Configuring Dtlogin

You can find background information on PAM and configuring Safeguard Authentication Services PAM modules in the Safeguard Authentication Services Administration Guide, which can be found on the Authentication Services - Technical Documentation page on the One Identity support site.

Documents connexes

The document was helpful.

Sélectionner une évaluation

I easily found the information I needed.

Sélectionner une évaluation

Veuillez sélectionner votre produit

Afin de mieux répondre à vos besoins, précisez l'objet du tchat:

Solutions recommandées pour votre problème

Safeguard Authentication Services 5.0.2 - Authentication Services for Smart Cards Administration Guide

Configuring the card slot for your PKCS#11 library

Configuring the card slot using VASTOOL

Configuring the vendor's PKCS#11 slot by editing the configuration file

Configuring PAM applications for smart card login