pam_smartcard(8) BSD System Manager's Manual pam_smartcard(8)NAME
pam_smartcard -- Smartcard PAM module
SYNOPSIS
[service-name] function-class control-flag pam_smartcard [options]
DESCRIPTION
The Smartcard PAM module supports authentication function class. In terms of the function-class parameter, this is ``auth.''
The Smartcard Authentication Module
This module permits or denies users based on smartcard authentication support in the Open Directory database, and the presence of an appro-
priate smartcard in the reader attached to the local machine. When a card is locked, the user is asked to unlock it with his PIN.
The following options may be passed to this account management module:
no_check_shell
Continues evaluation even if user's shell is not valid. Normally, users with a shell like /usr/bin/false are considered as disabled.
no_ignore
Return failure when an appropriate smartcard is not present.
EXAMPLE
Adding the following line on the top of the /etc/pam.d/sudo enables smartcard support for sudo:
auth sufficient pam_smartcard.so
SEE ALSO pam.conf(5), pam(8)SmartCardServices(7)BSD August 27, 2015 BSD
Check Out this Related Man Page
pam_smartcard(5) Standards, Environments, and Macros pam_smartcard(5)NAME
pam_smartcard - PAM authentication module for Smart Card
SYNOPSIS
/usr/lib/security/pam_smartcard.so
DESCRIPTION
The Smart Card service module for PAM, /usr/lib/security/pam_smartcard.so, provides functionality to obtain a user's information (such as
user name and password) for a smart card. The pam_smartcard.so module is a shared object that can be dynamically loaded to provide the nec-
essary functionality upon demand. Its path is specified in the PAM configuration file pam.conf. See pam.conf(4).
Smart Card Authentication Module
The Smart Card authentication component provides the pam_sm_authenticate(3PAM) function to verify the identity of a smart card user.
The pam_sm_authenticate() function collects as user input the PIN number. It passes this data back to its underlying layer, OCF, to perform
PIN verification. If verification is successful, the module returns PAM_SUCCESS, and passes the username and password from the smart card
to PAM modules stacked below.pam_smartcard.
The following options can be passed to the Smart Card service module:
debug syslog(3C) debugging information at LOG_DEBUG level.
nowarn Turn off warning messages.
verbose Turn on verbose authentication failure reporting to the user.
Smart Card Module Configuration
The PAM smart card module (pam_smartcard) can be configured in the PAM configuration file (/etc/pam.conf). For example, the following con-
figuration on on the desktop (Common Desktop Environment) forces a user to use a smart card for logging in.
The following are typical values set by 'smartcard -c enable', if the command is applied to the default configuration.
dtlogin auth requisite pam_smartcard.so.1
dtlogin auth required pam_authtok_get.so.1
dtlogin auth required pam_dhkeys.so.1
dtsession auth requisite pam_smartcard.so.1
dtsession auth required pam_authtok_get.so.1
dtsession auth required pam_dhkeys.so.1
SEE ALSO smartcard(1M), libpam(3LIB), pam(3PAM), pam_authenticate(3PAM), pam_start(3PAM), pam.conf(4), pam_authtok_check(5), pam_authtok_get(5),
pam_authtok_store(5), pam_dhkeys(5), pam_passwd_auth(5), pam_unix_account(5), pam_unix_auth(5), pam_unix_session(5)NOTES
The pam_unix(5) module is no longer supported. Similar functionality is provided by pam_authtok_check(5), pam_authtok_get(5), pam_auth-
tok_store(5), pam_dhkeys(5), pam_passwd_auth(5), pam_unix_account(5), pam_unix_auth(5), and pam_unix_session(5).
SunOS 5.11 24 Oct 2002 pam_smartcard(5)