-
Title
How to enable smart card authentication on Centos 6.5 -
Description
This article is to describe steps need to configure smart card on Centos 6.5
-
Resolution
1 - Ensure card is setup and tested first
/opt/quest/bin/vastool smartcard test all
2 - Smart Card Auth and Create home directories must be enabled through Authentication Applet
3 - Run “vastool smartcard configure gdm”
4 - Edit /etc/pam.d/smartcard-auth
Add the following two lines in the auth section after the pam_env.so module:
auth sufficient pam_vas_smartcard.so
auth requisite pam_vas_smartcard.so echo_return
The file should look like this:
/etc/pam.d/smartcard-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth sufficient pam_vas_smartcard.so
auth requisite pam_vas_smartcard.so echo_return
auth [success=done ignore=ignore default=die] pam_pkcs11.so wait_for_card card_only
auth required pam_deny.so
account required pam_unix.so
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 500 quiet
account required pam_permit.so
password required pam_pkcs11.so
session optional pam_keyinit.so revoke
session required pam_limits.so
session optional pam_mkhomedir.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
-
Additional Information
/opt/quest/bin/vastool smartcard testInsert card and then /opt/quest/bin/vastool smartcard test login