
Safeguard Authentication Services 5.0.7 - Authentication Services for Smart Cards Administration Guide


Logging in to Active Directory with your card

Safeguard Authentication Services for Smart Cards requires that you:

  • Enable smart card log on support for Active Directory.
  • Initialize your card using vendor-supplied software.
  • Use your card to enroll for a smart card certificate with your Certificate Authority.

Ensure that you can use this card to log on to a Windows workstation before attempting to use it to log in with Safeguard Authentication Services for Smart Cards.

Installing Safeguard Authentication Services for Smart Cards software

Safeguard Authentication Services for Smart Cards is bundled as a separate installation package on the Safeguard Authentication Services Installation media.

To install Safeguard Authentication Services for Smart Cards on a supported platform, run the Safeguard Authentication Services installation script, as follows.

# ./install.sh vasclnt vassc

Note: If Safeguard Authentication Services is already installed, you can omit the "vasclnt" argument.

Configuring Safeguard Authentication Services for Smart Cards

You must configure Safeguard Authentication Services for Smart Cards to work with your vendor's PKCS#11 library drivers.

Configuring the vendor’s PKCS#11 library

Safeguard Authentication Services for Smart Cards interfaces with the smart card and the smart card reader using the vendor’s PKCS#11 driver. This is a shared library implementing a standard interface supported by most card vendors for accessing the cryptographic functions of smart cards and tokens.

Note: Safeguard Authentication Services for Smart Cards is derived from the RSA Security Inc. PKCS#11 Cryptographic Token Interface (Cryptoki).

You must configure Safeguard Authentication Services with the location of your vendor's PKCS#11 driver. If the driver is not configured, you will be unable to use some smart card functions, and an error similar to the following is displayed:

vastool smartcard info card
ERROR: no PKCS#11 library specified in vas.conf

To configure Safeguard Authentication Services you need to know the location of your vendor's PKCS#11 shared library on the file system. Consult your vendor documentation for this information.

Note: You can specify the location of the PKCS#11 library using either the full path to the shared library or a path relative to the appropriate pkcs11 library subdirectory under /opt/quest for your architecture (for example, /opt/quest/lib/pkcs11 on x86 Linux systems). See Configuring the PKCS#11 library for 32-bit and 64-bit versions.

For example:

The Gemalto 5.1 Drivers for Red Hat Linux on x86 platforms are installed in /usr/local/lib/libxltCk.so.
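
The configured PKCS#11 driver is a shared library that Safeguard Authentication Services loads to talk to the card, so it is worth confirming that the file and its directory cannot be modified by unprivileged users before pointing the product at it. The shell functions below are an added example, not part of the product or of the original guide; the names check_pkcs11_lib, resolve_pkcs11_path, entry_is_safe and PKCS11_BASE are hypothetical, and root ownership is an assumed policy.

```shell
#!/bin/sh
# Added example: vet a PKCS#11 library path before configuring it.
# PKCS11_BASE defaults to the x86 Linux directory named in this guide.
PKCS11_BASE="${PKCS11_BASE:-/opt/quest/lib/pkcs11}"

# resolve_pkcs11_path PATH
# A full path is used as given; anything else is relative to PKCS11_BASE.
resolve_pkcs11_path() {
    case "$1" in
        /*) printf '%s\n' "$1" ;;
        *)  printf '%s/%s\n' "$PKCS11_BASE" "$1" ;;
    esac
}

# entry_is_safe PATH OWNER
# True if PATH is owned by OWNER and is not group- or world-writable.
entry_is_safe() {
    [ -z "$(find -H "$1" -prune \
        \( ! -user "$2" -o -perm -020 -o -perm -002 \) -print)" ]
}

# check_pkcs11_lib PATH [OWNER]
# Prints the resolved path and returns 0 only when every check passes.
# OWNER (assumption: root by default) is a parameter so the check can be
# tried on a scratch file without privileges.
check_pkcs11_lib() {
    lib=$(resolve_pkcs11_path "$1")
    owner="${2:-root}"
    if [ -L "$lib" ]; then
        echo "FAIL: $lib is a symlink; check the file it points to" >&2
        return 1
    fi
    if [ ! -f "$lib" ] || [ ! -r "$lib" ]; then
        echo "FAIL: $lib is not a readable regular file" >&2
        return 1
    fi
    for entry in "$lib" "$(dirname "$lib")"; do
        if ! entry_is_safe "$entry" "$owner"; then
            echo "FAIL: $entry: wrong owner or group/world-writable" >&2
            return 1
        fi
    done
    printf '%s\n' "$lib"
}
```

For instance, `check_pkcs11_lib /usr/local/lib/libxltCk.so` checks the Gemalto library path from the example above and prints it only if the checks pass.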
