Chat now with support
Chat with Support

We are currently experiencing a OneLogin Outage within the US region, please consult https://www.onelogin.com/status for further details.

Safeguard Authentication Services 5.1.3 - Authentication Services for Smart Cards Administration Guide

Privileged Access Suite for UNIX Introducing Safeguard Authentication Services for Smart Cards Installing Safeguard Authentication Services for Smart Cards Configuring Safeguard Authentication Services for Smart Cards
Configuring the vendor’s PKCS#11 library Configuring the card slot for your PKCS#11 library Configuring PAM applications for smart card login Configuring certificates and CRLs Locking the screen saver upon card removal (macOS)
Testing Safeguard Authentication Services for Smart Cards Troubleshooting

The vastool smartcard command line utility

vastool is a script-friendly command line utility that exposes a wide range of functionality to the UNIX/Linux system administrator. Safeguard Authentication Services for Smart Cards adds an additional smartcard command to allow configuration and troubleshooting of smart card-related issues. The following table lists some of the commands and functionality which you can access by running vastool smartcard command. For a complete list, see the vastool man page.

Table 1: vastool smartcard commands
Command Function

configure

Configure smart card related settings such as the PKCS#11 driver and PAM.

info

Display information about smart cards and drivers.

test

Test smart card functionality.

trusted-certs

Manage the store of trusted certificates.

unconfigure

Remove smart card related settings.

Vendor PKCS#11 drivers

PKCS#11 is a standard software interface for accessing cryptographic functions on smart cards. Safeguard Authentication Services for Smart Cards uses the vendor-provided PKCS#11 drivers to interface with the card.

Safeguard Authentication Services integrates with third-party drivers, such as OpenSC. Once the drivers are installed, Safeguard Authentication Services references these drivers from the installed shared library. Therefore, you need to know the name and location of this library when you configure Safeguard Authentication Services for Smart Cards.

NOTE: Safeguard Authentication Services for Smart Cards is derived from the RSA Security Inc. PKCS#11 Cryptographic Token Interface (Cryptoki).

Installing Safeguard Authentication Services for Smart Cards

Before you install the smart card drivers and the Safeguard Authentication Services software, you must first install the Safeguard Authentication Services agent and join your UNIX host to the Active Directory domain.

For step-by-step instructions, see the Safeguard Authentication Services Installation Guide on the One Identity Support Site.

Installing vendor smart card drivers

When using Safeguard Authentication Services for Smart Cards, you must install and configure vendor drivers for your cards and readers. For example, you must have a working PKCS#11 library. This is a shared library that implements the PKCS#11 Cryptographic Token Interface Standard. Consult your smart card vendor documentation for more details.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating