立即与支持人员聊天
与支持团队交流

Safeguard Authentication Services 5.0.2 - Authentication Services for Smart Cards Administration Guide

Privileged Access Suite for Unix Introducing Safeguard Authentication Services for Smart Cards Installing Safeguard Authentication Services for Smart Cards Configuring Safeguard Authentication Services for Smart Cards
Configuring the vendor’s PKCS#11 library Configuring the card slot for your PKCS#11 library Configuring PAM applications for smart card login Configuring certificates and CRLs Locking the screen saver upon card removal (macOS)
Testing Safeguard Authentication Services for Smart Cards Troubleshooting

Disabling remote login

To disable remote login

  1. Open the KDM configuration file for editing.

    Typically this file is located at /etc/X11/xdm/xdm-config or /usr/share/config/kdm/kdmrc on Redhat.

  2. Look for the [XDMCP] section and verify that the Enable property is either not present, commented out, or is set to false, like this:

    [XDMCP] Enable=false.

Using KDM with a smart card

To perform smart card login by means of K Display Manager (KDM)

  1. Insert your smart card.
  2. Enter your username or UPN at the Username: prompt.
  3. Enter your PIN at the Password: prompt.
  4. Click the Login button.

KDM calls the pam_vas_smartcard module to perform the authentication.

Note: KDM displays the Username: and Password: prompts regardless of the presence or absence of the smart card in the reader. In addition, KDM does not allow you to enter an empty username. While GDM permits an unspecified username, KDM requires one. Failure to provide a username results in a "login failed" message.

Configure X Display Manager (XDM)

The X Display Manager (XDM) is a PAM application providing graphical login. The following sections document how to configure XDM with smart card authentication.

Configure XDM for smart card

To configure XDM for smart card

  1. Run the following command:
    vastool smartcard configure pam xdm

XDM is similar to KDM. It displays a Login: and a Password: prompt, neither of which you can modify. Thus the prompt-vassc-user and prompt-vassc-pin options in the [pam_vas] section of vas.conf have no effect.

XDM does not display any additional information from the Safeguard Authentication Services PAM module. Thus, the prompt-style and show-token-status options also have no effect under XDM.

相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级