Chat now with support
Chat with Support

Safeguard Authentication Services 4.1.5 - Authentication Services for Smart Cards Administration Guide

One Identity Privileged Access Suite for Unix Introducing Authentication Services for Smart Cards Installing Authentication Services for Smart Cards Configuring Authentication Services for Smart Cards
Configuring the vendor’s PKCS#11 library Configuring the card slot for your PKCS#11 library Configuring PAM applications for smart card login Configuring certificates and CRLs
Testing Authentication Services for Smart Cards Troubleshooting

Configuring XDM

The X Display Manager (XDM) is a PAM application providing graphical login. The following sections document how to configure XDM with smart card authentication.

Configure XDM for smart card

To configure XDM for smart card

  1. Run the following command:
    vastool smartcard configure pam xdm

XDM is similar to KDM. It displays a Login: and a Password: prompt, neither of which you can modify. Thus the prompt-vassc-user and prompt-vassc-pin options in the [pam_vas] section of vas.conf have no effect.

XDM does not display any additional information from the Authentication Services PAM module. Thus, the prompt-style and show-token-status options also have no effect under XDM.

Disable remote login

One Identity recommends that you disable remote login for XDM by disabling the X display manager control protocol (XDMCP).

Note: XDMCP is disabled by default.

To manually disable XDMCP

  1. Open the XDM configuration file for editing.

    This file is typically located at /etc/X11/xdm/xdm-config.

  2. Verify that the DisplayManager.requestPort property is set to 0, like this:

    DisplayManager.requestPort: 0

Configuring console login

The /usr/bin/login program is a PAM application for performing login to the system. Typically /usr/bin/login is called by the getty program for login to the console. The following sections document how to configure and use console login with smart card authentication.

Related Documents