One Identity designed Authentication Services for Smart Cards to support the PKCS #11 standard software interface and has tested it against OpenSC PKCS#11 library, CoolKey PKCS#11 Library, Gemalto PKCS#11 driver, and ActivClient PKCS#11 library. This release of Authentication Services for Smart Cards supports all cards and readers that are supported by the RSA Security Inc. PKCS#11 Cryptographic Token Interface (Cryptoki). See RSA Laboratories for details of this standard.
Authentication Services for Smart Cards has the following components:
The Authentication Services for Smart Cards plugin is installed by the installer and provides the core smart card functionality.
Pluggable Authentication Module (PAM) is an API that allows the system administrator to configure authentication mechanisms rather than hardcoding authentication mechanisms into the application. Administrators can customize an application's authentication system by making changes to /etc/pam.conf or an application-specific file in the /etc/pam.d/ directory.
Authentication Services PAM modules are shared libraries that add support for a specific authentication mechanism. Unix platforms that support PAM normally have a PAM module called pam_unix for standard Unix authentication.
pam_vas_smartcard is a Authentication Services PAM module that supports login with a smart card. It provides many of the same features as the standard pam_vas module, including the ability to create home directories, perform UID Conflict Checking and machine-based access control.
For information on configuring the pam_vas_smartcard module see the pam_vas_smartcard man page.