The vastool utility provides an option to test whether a PKCS#11 library is suitable for use with Safeguard Authentication Services for Smart Cards.
To test the PKCS#11 library
- Run the following command:
    vastool smartcard -l <library> test library
  where <library> is the path to the PKCS#11 library you want to test.
For example, to test the Gemalto PKCS#11 drivers on a Red Hat x86 platform, run the following command:
    vastool smartcard -l \
        /usr/local/lib/libxltCk.so test library
This displays the following output if the driver is correctly installed:
Testing PKCS#11 library '/usr/local/lib/libxltCk.so':
Checking PKCS#11 library may be dynamically loaded ... ok
Checking PKCS#11 library contains necessary symbols ... ok
Checking PKCS#11 function list can be obtained ... ok
Checking PKCS#11 library version is compatible ... ok
Checking PKCS#11 library can be initialized ... ok
Checking PKCS#11 library can be finalized ... ok
To configure the location of the PKCS#11 library using vastool
- Log in and open a root shell.
- Run the following command:
    vastool smartcard configure pkcs11 lib <library>
  where <library> is the path to the PKCS#11 library.
  For example:
  - To configure the CoolKey PKCS#11 library, run the following command:
      vastool smartcard configure pkcs11 lib /usr/lib/pkcs11/libcoolkeypk11.so
  - To configure the Gemalto 64-bit PKCS#11 library, run the following command:
      vastool smartcard configure pkcs11 lib /usr/local/lib64/libxltCk.so
  - To configure the ActivClient PKCS#11 library, run the following command:
      vastool smartcard configure pkcs11 lib /usr/local/ActivIdentity/ActivClient/lib/libacpkcs211.so
NOTE: You can configure the PKCS#11 library using this procedure or by editing the vas.conf file.
You can manually configure the location of the vendor's PKCS#11 library by editing the setting in the /etc/opt/quest/vas/vas.conf file.
To configure the PKCS#11 library by editing the vas.conf file
- Log in and open a root shell.
- In an editor of your choice, open the /etc/opt/quest/vas/vas.conf file.
- Add the following section:
    [pkcs11]
    pkcs11-lib = <library>
  where <library> is the path to the vendor's PKCS#11 library.
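Because the configured path names a shared library that is loaded for smart card login, it is worth checking the file it points to after either configuration procedure. The following is an added example, not part of the product documentation or the vendor's tooling: it reads pkcs11-lib from a file laid out like the [pkcs11] section above, confirms the target is an ELF object of the expected word size, and confirms it is not writable by group or others. The function names are hypothetical and the demo files are constructed.

```shell
#!/bin/sh
# Added example (not vendor code): audit the library that pkcs11-lib points to.
# Function names are hypothetical; the demo files at the end are constructed.

# Print the pkcs11-lib value from the [pkcs11] section of a vas.conf-style file.
pkcs11_lib_from_conf() {
    awk '
        /^[ \t]*\[/ { sec = ($0 ~ /^[ \t]*\[pkcs11\][ \t]*$/); next }
        sec && /^[ \t]*pkcs11-lib[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); print; exit
        }' "$1"
}

# Print 32 or 64 from the ELF header's EI_CLASS byte; fail if not ELF.
elf_class() {
    set -- $(od -An -tx1 -N5 "$1" 2>/dev/null)
    [ "$1$2$3$4" = "7f454c46" ] || return 1
    case "$5" in 01) echo 32 ;; 02) echo 64 ;; *) return 1 ;; esac
}

# Succeed only if the file exists and neither group nor others can write to it.
not_group_world_writable() {
    [ -f "$1" ] && [ -z "$(find -L "$1" -prune \( -perm -020 -o -perm -002 \) -print)" ]
}

# usage: audit_pkcs11_lib <conf-file> <expected-bits: 32|64>
audit_pkcs11_lib() {
    lib=$(pkcs11_lib_from_conf "$1")
    [ -n "$lib" ] || { echo "no pkcs11-lib in $1"; return 1; }
    bits=$(elf_class "$lib") || { echo "${lib}: not an ELF library"; return 1; }
    [ "$bits" = "$2" ] || { echo "${lib}: ${bits}-bit, expected $2-bit"; return 1; }
    not_group_world_writable "$lib" || { echo "${lib}: group/world writable"; return 1; }
    echo "${lib}: ${bits}-bit, not group/world writable"
}

# Constructed demo: a 5-byte fake 64-bit ELF header and a sample config file.
demo=$(mktemp -d)
printf '\177ELF\002' > "$demo/libfake64.so"; chmod 644 "$demo/libfake64.so"
printf '[pkcs11]\n pkcs11-lib = %s\n' "$demo/libfake64.so" > "$demo/vas.conf"
audit_pkcs11_lib "$demo/vas.conf" 64
rm -rf "$demo"
# On a real host: audit_pkcs11_lib /etc/opt/quest/vas/vas.conf 64
```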
When you install Safeguard Authentication Services for Smart Cards on a 64-bit platform, you install both 64-bit and 32-bit versions of the libraries and Safeguard Authentication Services PAM modules. If you want to use both architectures (for example, to allow smart card login using a 32-bit application), you need both 32-bit and 64-bit PKCS#11 libraries.
To install both these libraries, follow the appropriate steps for your platform.