立即与支持人员聊天
与支持团队交流

Safeguard Authentication Services 5.0.4 - Authentication Services for Smart Cards Administration Guide

Privileged Access Suite for Unix Introducing Safeguard Authentication Services for Smart Cards Installing Safeguard Authentication Services for Smart Cards Configuring Safeguard Authentication Services for Smart Cards
Configuring the vendor’s PKCS#11 library Configuring the card slot for your PKCS#11 library Configuring PAM applications for smart card login Configuring certificates and CRLs Locking the screen saver upon card removal (macOS)
Testing Safeguard Authentication Services for Smart Cards Troubleshooting

Editing the GDM configuration file with the graphical application

GDM includes a graphical application that you can use to configure GDM. The following steps document how to disable remote login with this application:

To disable remote login

  1. Run /usr/bin/gdmsetup.
  2. Click the XDMCP tab.
  3. Verify that the Enabled XDMCP is not selected.

Note: Whether modifying the GDM configuration manually or by using /usr/bin/gdmsetup, you must restart GDM.

Using GDM with a smart card

To perform smart card login by means of Gnome Display Manager (GDM)

  1. Insert your smart card.
  2. Enter your username or UPN at the Username: prompt, if required.

    Note: GDM permits a null entry. An unspecified username allows the pam_vas_smartcard module to obtain the username from the smart card itself.

  3. Enter your PIN at the Password: prompt.
  4. Click the Login button.

Configure K Display Manager (KDM)

The K Display Manager (KDM) is a PAM application providing graphical login. The following sections document how to configure and use KDM with smart card authentication.

Configuring KDM for smart card

To configure KDM for smart card

  1. Run the following command:
    vastool smartcard configure pam kde

Unlike GDM, KDM presents both a Username: and a Password: prompt simultaneously to the user. You can not change these prompts. The prompt-vassc-user and prompt-vassc-pin options in the [pam_vas] section of vas.conf have no effect.

Note that KDM displays additional information from the Safeguard Authentication Services PAM module in a pop-up window, which only disappears when the user clicks OK. Thus, the prompt-style and show-token-status options are not recommended for KDM.

相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级