Safeguard Authentication Services for Smart Cards requires that you:
Ensure that you can use this card to log on to a Windows workstation before attempting to use it to log in with Safeguard Authentication Services for Smart Cards.
Safeguard Authentication Services for Smart Cards is bundled as a separate installation package on the Safeguard Authentication Services Installation media.
To install Safeguard Authentication Services for Smart Cards on a supported platform, run the Safeguard Authentication Services installation script, as follows.
# ./install.sh vasclnt vassc
Note: If Safeguard Authentication Services is already installed, you can omit the "vasclnt" argument.
Configuring the vendor’s PKCS#11 library
Configuring the vendor's PKCS#11 library using VASTOOL
Configuring the vendor's PKCS#11 library by editing the configuration file
Configuring the PKCS#11 library for 32-bit and 64-bit versions
Configuring the card slot for your PKCS#11 library
Configuring the card slot using VASTOOL
Configuring the vendor's PKCS#11 slot by editing the configuration file
Configuring PAM applications for smart card login
Security issues when configuring smart card login
Usability issues with PAM applications
Enabling smart card login for selected services
Configuring applications for smart card and password login
Configuring applications for smart card login
Configure Gnome Display Manager (GDM)
Configure K Display Manager (KDM)
Configure X Display Manager (XDM)
Configuring certificates and CRLs
How Safeguard Authentication Services for Smart Cards uses certificates and CRLs
Map certificate to user (implicit and explicit)
Bootstrapping trusted certificates
Options for controlling certificate and CRL processing
You must configure Safeguard Authentication Services for Smart Cards to work with your vendor's PKCS#11 library drivers.
Safeguard Authentication Services for Smart Cards interfaces with the smart card and the smart card reader using the vendor’s PKCS#11 driver. This is a shared library implementing a standard interface supported by most card vendors for accessing the cryptographic functions of smart cards and tokens.
Note: Safeguard Authentication Services for Smart Cards is derived from the RSA Security Inc. PKCS#11 Cryptographic Token Interface (Cryptoki).
Safeguard Authentication Services for Smart Cards requires that you configure Safeguard Authentication Services with the location of your vendor's PKCS#11 driver. If the driver is not configured you will be unable to use some smart card functions and it displays an error similar to this:
vastool smartcard info card ERROR: no PKCS#11 library specified in vas.conf
To configure Safeguard Authentication Services you need to know the location of your vendor's PKCS#11 shared library on the file system. Consult your vendor documentation for this information.
Note: You can specify the location of the PKCS#11 using either the full path to the PKCS#11 shared library or a path relative to the appropriate pkcs11 library subdirectory under /opt/quest for your architecture. For example, /opt/quest/lib/pkcs11 on x86 Linux systems. See Configuring the PKCS#11 library for 32-bit and 64-bit versions.
The Gemalto 5.1 Drivers for Red HatLinux on x86 platforms are installed in /usr/local/lib/libxltCk.so.
© 2024 One Identity LLC. ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center
