One Identity designed Safeguard Authentication Services for Smart Cards to support the PKCS #11 standard software interface and has tested it against OpenSC PKCS#11 library. This release of Safeguard Authentication Services for Smart Cards supports all cards and readers that are supported by the RSA Security Inc. PKCS#11 Cryptographic Token Interface (Cryptoki).
Safeguard Authentication Services for Smart Cards has the following components:
- The Safeguard Authentication Services for Smart Cards plugin.
- The pam_vas_smartcard PAM module.
- The vastool smartcard command line utility.
- Vendor PKCS#11 drivers.
The Safeguard Authentication Services for Smart Cards plugin is installed by the installer and provides the core smart card functionality.
Pluggable Authentication Module (PAM) is an API that allows the system administrator to configure authentication mechanisms rather than hardcoding authentication mechanisms into the application. Administrators can customize an application's authentication system by making changes to /etc/pam.conf or an application-specific file in the /etc/pam.d/ directory.
Safeguard Authentication Services PAM modules are shared libraries that add support for a specific authentication mechanism. Unix platforms that support PAM normally have a PAM module called pam_unix for standard Unix authentication.
pam_vas_smartcard is an Safeguard Authentication Services PAM module that supports login with a smart card. It provides many of the same features as the standard pam_vas module, including the ability to create home directories, perform UID conflict checking, and machine-based access control.
For information on configuring the pam_vas_smartcard module see the pam_vas_smartcard man page.