Getting Started With Solaris Smartcard

This chapter shows an administrator how to set up an initial Solaris Smartcard configuration:

• "To Start the Smartcard Console from the CDE Desktop"

• "Setting Up a Desktop for Smartcard Login"

• "To Activate a Card Reader"

• "To Add Support for a New Card Type (New ATR)"

• "To Load the Smartcard Applet to a Smart Card"

• "To Set Up a User Profile"

• "To Verify a PIN for a Smart Card "

• "To Change the PIN on a Card"

• "To Enable Smartcard on a System"

• "To Set Smartcard Timeouts (Console)"

• "To Set Card Removal Options (Console)"

Starting or Restarting the Smartcard Console

The Smartcard Console is the graphical user interface (GUI) used to manage the Solaris Smartcard software.

To Start the Smartcard Console from the Command Line

1. Log in as root or su to root.

   ---

   Note - If you log in as a regular user, you can run Smartcard, but you can only perform two tasks: Load Applets and Configure Applets.

   ---

2. Start the Smartcard Console:

   # /usr/dt/bin/sdtsmartcardadmin &

   ---

   Note - Before you su to root you may need to disable X server access control, since root is not granted access by default. Disable X server access control by running /usr/openwin/bin/xhost +hostname where hostname is the local host. After starting the Smartcard Console, run xhost -hostname to enable access control again.

   ---

To Start the Smartcard Console from the CDE Desktop

1. Log in as root to the Common Desktop Environment (CDE).

   If you are currently running CDE under your login name, exit CDE and log in as root.

   ---

   Note - If you log in as a regular user, you can run Smartcard, but you can only perform two tasks: Load Applets and Configure Applets.

   ---

2. On the CDE control panel, click the up arrow on the Applications subpanel.

   By default, the Text Note icon, a pinned note with a pencil above it, represents the Applications subpanel.

3. Select Applications to display the Application Manager.

4. Double-click the System_Admin icon in Application Manager.

5. Double-click the Smart Card icon to start the Smartcard Console.

   You may have to scroll down to find the Smart Card icon.

Note - You can also start the Smartcard Console from the desktop Workspace menu; sdtsmartcardadmin should be found at the top level or in the Tools submenu.

Setting Up a Desktop for Smartcard Login

To set up Smartcard login for the desktop of a Sun workstation running the Solaris 8 or Solaris 9 operating environment, perform the tasks described below. For some tasks, a command line example is shown first, followed by Smartcard Console instructions. For complex tasks, the command line example is a link to a later chapter.

Note - You must be root to perform most of these tasks.

To Activate a Card Reader

Note that even if your new workstation has an internal card reader, you must activate it before it can be used. If you are activating an external card reader, it must first be physically attached to a serial port of the system, according to instructions in the card reader documentation.

Command Line Example

See "Adding a Card Reader (Command Line)" for examples.

Smartcard Console Instructions

1. Click Card Readers in the Smartcard Console's Navigation pane.

   The Add Reader icon is displayed in the Console pane. Icons for any enabled card reader types are also displayed.

2. Double-click Add Reader in the Console pane.

   The Add Reader dialog box is displayed.

3. Double-click the type of card reader you want to add or select it and click OK.

   To enable the Sun internal card reader, select Sun SCRI Internal Card Terminal Reader. The CardReaders dialog box is displayed.

4. Select the Basic Configuration tab.

5. Type a name for the reader in the Unique Card Terminal Name field.

   Leave the current name if you do not wish to change it. Do not include any spaces in the name.

6. Click the down arrow under Device Port.

7. Select the port that the card reader is attached to.

8. Click OK.

9. Restart ocfserv, if prompted to do so.

   The ocfserv process is restarted the next time you use the Smartcard Console or execute the smartcard command.

To Add Support for a New Card Type (New ATR)

To use a new type of smart card, you have to provide its Answer to Reset (ATR) property to ocfserv. Do the following to add support for a new card type.

Command Line Example

As root, type the following to add "12345" as a new PayFlex ATR:

# smartcard -c admin -x modify "PayFlex.ATR=3B69000057100A9 3B6911000000010100 12345"

Note - You must enter the current ATRs and the new ATR.

Smartcard Console Instructions

1. Insert the smart card with the new ATR in the card reader.

2. In the Navigation pane, select Smart Cards.

3. Double-click the icon representing the type of card currently inserted.

   The Smart Card dialog box displays a list of the known ATRs for this card type.

4. If this is a new ATR, click Add.

   The Add ATR dialog box is displayed, with the ATR of the card inserted in the card reader shown in the "Inserted Card's ATR" listbox.

   ---

   Note - To determine if the ATR value of the inserted card has been registered, click the Add button. If nothing is listed, your card's ATR is already known; otherwise you should perform the steps below.

   ---

5. Select the ATR of the inserted card or type the new ATR in the New ATR field.

   You can find the new ATR value in the smart card product literature.

6. Click OK in the Add ATR dialog box.

   The new ATR is added to the list in the Smart Card dialog box.

7. Select the new ATR in the list in the Smart Card dialog box.

8. Click OK in the Smart Card dialog box to activate the change.