vastool is a script-friendly command line utility that exposes a wide range of functionality to the Unix/Linux system administrator. Authentication Services for Smart Cards adds an additional smartcard command to allow configuration and troubleshooting of smart card-related issues. The following table lists some of the commands and functionality which you can access by running vastool smartcard command. For a complete list, see the vastool man page.
|configure||Configure smart card related settings such as the PKCS#11 driver and PAM.|
|info||Display information about smart cards and drivers.|
|test||Test smart card functionality.|
|trusted-certs||Manage the store of trusted certificates.|
|unconfigure||Remove smart card related settings.|
PKCS#11 is a standard software interface for accessing cryptographic functions on smart cards. Authentication Services for Smart Cards uses the vendor-provided PKCS#11 drivers to interface with the card.
Authentication Services integrates with third-party drivers, such as OpenSC. Once the drivers are installed, Authentication Services references these drivers from the installed shared library; therefore, you need to know the name and location of this library when you configure Authentication Services for Smart Cards.
Note: Authentication Services for Smart Cards is derived from the RSA Security Inc. PKCS#11 Cryptographic Token Interface (Cryptoki).
Before you install the smart card drivers and the Authentication Services software, you must first install the Authentication Services agent and join your Unix host to the Active Directory domain.
Refer to the Authentication Services Installation Guide for step-by-step instructions. See the Authentication Services - Technical Documentation page on the One Identity support site for this guide.
When using Authentication Services for Smart Cards, you must install and configure vendor drivers for your cards and readers. For example, you must have a working PKCS#11 library. This is a shared library that implements the PKCS#11 Cryptographic Token Interface Standard. Consult your smart card vendor documentation for more details.