Safeguard Authentication Services 4.1.5 - Authentication Services for Smart Cards Administration Guide

Supported cards and readers

One Identity designed Authentication Services for Smart Cards to support the PKCS#11 standard software interface and has tested it against the OpenSC PKCS#11 library, the CoolKey PKCS#11 library, the Gemalto PKCS#11 driver, and the ActivClient PKCS#11 library. This release of Authentication Services for Smart Cards supports all cards and readers that are supported by the RSA Security Inc. PKCS#11 Cryptographic Token Interface (Cryptoki). See RSA Laboratories for details of this standard.

Authentication Services for Smart Cards components

Authentication Services for Smart Cards has the following components:

  • The Authentication Services for Smart Cards plugin
  • The pam_vas_smartcard PAM module
  • The vastool smartcard Command Line Utility
  • Vendor PKCS#11 drivers

Authentication Services for Smart Cards plugin

The Authentication Services for Smart Cards plugin is installed by the installer and provides the core smart card functionality.

The Authentication Services PAM module

PAM concepts

Pluggable Authentication Module (PAM) is an API that lets the system administrator configure authentication mechanisms instead of having them hardcoded into the application. Administrators can customize an application's authentication system by making changes to /etc/pam.conf or to an application-specific file in the /etc/pam.d/ directory.

Authentication Services PAM modules are shared libraries that add support for a specific authentication mechanism. Unix platforms that support PAM normally have a PAM module called pam_unix for standard Unix authentication.

pam_vas_smartcard features

pam_vas_smartcard is an Authentication Services PAM module that supports login with a smart card. It provides many of the same features as the standard pam_vas module, including the ability to create home directories and to perform UID Conflict Checking and machine-based access control.

For information on configuring the pam_vas_smartcard module, see the pam_vas_smartcard man page.
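To check which services actually load pam_vas_smartcard or pam_unix, the two PAM configuration layouts described under PAM concepts can be parsed and compared. The following is an added example, not code from this guide or from One Identity; the sample file contents, the control flags, and the .so file names are constructed assumptions, and no pam_vas_smartcard options are assumed.

```python
import os
import re

# Constructed sample files; the module file names (.so) and control flags are assumptions.
SSHD = """\
# /etc/pam.d/sshd (constructed)
auth     [success=1 default=ignore]  pam_vas_smartcard.so
auth     required  pam_unix.so \\
         try_first_pass
account  required  /lib/security/pam_unix.so
@include common-session
"""
PAM_CONF = """\
# /etc/pam.conf (constructed): the service name is the first field
login  auth  sufficient  pam_vas_smartcard.so
login  auth  required    pam_unix.so
"""
TYPES = {"auth", "account", "password", "session"}

def parse_pam(text, service=None):
    """Return [(service, type, control, module, args)]; service=None means pam.conf layout."""
    rules = []
    for raw in text.replace("\\\n", " ").splitlines():  # join continued lines
        line = raw.split("#", 1)[0].strip()              # drop comments
        # A bracketed control like [success=1 default=ignore] stays one token.
        tokens = re.findall(r"\[[^\]]*\]|\S+", line)
        svc = tokens.pop(0) if (service is None and tokens) else service
        if len(tokens) < 3 or tokens[0].lstrip("-") not in TYPES:
            continue                                     # blank, @include or malformed line
        ptype, control, path, *args = tokens
        module = os.path.basename(path)                  # accept absolute module paths
        if module.endswith(".so"):
            module = module[:-3]
        rules.append((svc, ptype.lstrip("-"), control, module, args))
    return rules

def stacks_using(rules, module):
    """Sorted (service, type) pairs whose stack loads the given module."""
    return sorted({(r[0], r[1]) for r in rules if r[3] == module})

if __name__ == "__main__":
    rules = parse_pam(SSHD, service="sshd") + parse_pam(PAM_CONF)
    for mod in ("pam_vas_smartcard", "pam_unix"):
        print(mod, stacks_using(rules, mod))
```

For files under /etc/pam.d/, pass the file name as `service`; for /etc/pam.conf, leave it unset so the first field of each line is read as the service.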
