Sun Microsystems, Inc.

To Load the Smartcard Applet to a Smart Card

Do the following to load the Solaris Smartcard applet (SolarisAuthApplet) to a smart card. You must do this before you can add the user profile information.

Command Line Example

As root, with the smart card inserted in the card reader, type the following:

# smartcard -c load -i /usr/share/lib/smartcard/SolarisAuthApplet.capx

When the load finishes, the following message displays:

Operation successful.

Smartcard Console Instructions

  1. Insert the smart card into the reader.

  2. Select the Load Applets icon in the Navigation pane.

  3. Double-click the SolarisAuthApplet icon in the Console pane.

    The Load Applets dialog box is displayed. Available applets for various card types are displayed in the left listbox.

  4. Select the card type you want to initialize.

    Choices include CyberFlex, IButton, and PayFlex.

  5. Click the arrow between the two listboxes.

    The selected applet is copied to the Pending Applet Installations listbox, with a check in the checkbox and the name of the smart card displayed. If no card or the wrong smart card is inserted in the card reader, "No compatible devices inserted" is displayed. Insert the appropriate card.

  6. Click Install.

    A window labeled "Loading Applet to Device" is displayed. It takes a minute or so for the applet to load. When the installation is complete, a window with a confirmation message ("Applet Installation Successful") displays.

  7. Click OK to dismiss the confirmation window.

    The card now stores default values. If the card previously stored different PIN or user profile values, those values have been overwritten. See "PIN Property" and "User and Password Properties" for more information.

To Set Up a User Profile

Do the following to specify the username and password associated with the application (dtlogin) for the card being set up. For more information, see "To Create User Information on a Smart Card".

Command Line Example

As root, type the following on one line to set the user name to xxx and the password to yyy for the dtlogin application. In this example, the PIN is $$$$java, the default value:

# smartcard -c init -A A000000062030400 -P '$$$$java' user=xxx password=yyy application=dtlogin

Note - You must enter the loaded applet ID and the current PIN. In the example above, -A A000000062030400 specifies the SolarisAuthApplet applet ID and the PIN is the default SolarisAuthApplet value. Enclose the PIN, $$$$java, or any PIN containing shell special-characters (such as $) within single quotes. Otherwise, the shell tries to interpret the PIN as a variable, and the command fails.


Smartcard Console Instructions

  1. Insert the smart card you want to configure into the card reader.

  2. Select Configure Applets in the Navigation pane.

    The icon for the type of card in the reader is displayed in the Console pane.

  3. Double-click the icon in the Console pane.

    The Configure Applets dialog box is displayed.

  4. Select SolarisAuthApplet in the Configure Applets dialog box.

    The SolarisAuthApplet configuration folders appear on the right side of the dialog box, represented by tabs labeled PIN and User Profiles (plus RSA Key and PKI Cert, for some smart cards). Only User Profiles changes are described here. See "To Change the PIN on a Card" for PIN change information.

  5. Select the User Profiles tab in the Configure Applets dialog box.

  6. Type dtlogin in the User Profile Name field.

    This represents the CDE desktop.

  7. Type a user name in the User Name field.

    This is the username of the person who will be using the card. The username cannot be more than eight characters long.


    Note - Click Get to determine the current username associated with the card. You will need to enter the PIN to get the current username or to change the username or password.


  8. Type the password in the Password field.

    This is the password associated with the username typed above. The password must correspond to the user's password based on the search order for passwd in /etc/nsswitch.conf (LDAP, NIS, NIS+, or local files). The password cannot be more than eight characters long.


    Note - If the user's password is changed after you have configured the smart card, you or the user must repeat these steps to store the new password on the smart card. It is not updated automatically.


  9. Click Set.

    The Set User Profile popup is displayed, asking for the current PIN.

  10. Type the PIN and click OK.

    The new username and password are stored on the card.

  11. Click OK to dismiss the dialog box.

To Verify a PIN for a Smart Card

Do the following to verify the PIN for a smart card.

  1. Insert the smart card into the card reader.

  2. As root, type the following to verify the PIN for the smart card.

    # smartcard -c init -A A000000062030400 -P 'PIN_number'

    where PIN_number represents the PIN set for the card and A000000062030400 is the applet ID for the SolarisAuthApplet.

    If the PIN is invalid, an Invalid PIN message is displayed. A valid PIN results in no output.

To Change the PIN on a Card

Do the following to change the PIN on a smart card.


Note - This is a task that can be performed by an end user, if he or she knows the current PIN.


Command Line Example

As root, with the smart card inserted in the card reader, type the following to change the default PIN ($$$$java) to 001234:

# smartcard -c init -A A000000062030400 -P '$$$$java' pin=001234

Note - You must enter the loaded applet ID and the current PIN. In the example above, -A A000000062030400 specifies the SolarisAuthApplet applet ID (aid) and the PIN is the default SolarisAuthApplet value. Be sure to type the new PIN correctly because you will not be prompted to confirm it. Enclose the PIN, $$$$java, or any PIN containing shell special-characters (such as $) within single quotes. Otherwise, the shell tries to interpret the PIN as a variable, and the command fails.


Smartcard Console Instructions

  1. Insert the smart card you want to configure into the card reader.

  2. Select Configure Applets in the Navigation pane.

    The icon for the type of card in the reader is displayed in the Console pane.

  3. Double-click the card icon in the Console pane.

    The Configure Applets dialog box is displayed.

  4. Select SolarisAuthApplet in the listbox.

    The SolarisAuthApplet configuration folders appear on the right side of the dialog box, represented by tabs labeled PIN and User Profiles (plus RSA Key and PKI Cert, for some smart cards). Only PIN change is described here.

  5. Select the PIN tab.

  6. Type and retype a new PIN.

    A PIN can contain up to eight characters.

  7. Click Change.

    A popup window labeled "Change PIN" is displayed.

  8. Enter the previous PIN in the pop-up window and click OK.

    The default PIN, loaded on the card when the SolarisAuthApplet was installed on the card, is $$$$java.
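
The command-line rules on this page (single-quote the PIN, use applet ID A000000062030400, and keep the PIN, user name and password to eight characters) can be checked before anything is written to the card. The script below is an added example, not part of the original Sun documentation; its function names and the even-number-of-hex-digits applet ID check are assumptions made here, and it only prints the command instead of running smartcard.

```shell
#!/bin/sh
# Added example: pre-flight checks for "smartcard -c init" arguments.
# It never runs smartcard and never touches a card.

AID='A000000062030400'   # SolarisAuthApplet applet ID, as given on this page
DEFAULT_PIN='$$$$java'   # single quotes keep all four $ characters literal

# What a double-quoted default PIN becomes: each $$ expands to the shell PID.
double_quoted_pin() { printf '%s' "$$$$java"; }

# Assumption: an applet ID is hex-encoded bytes, so an even count of hex digits.
valid_aid() {
    case "$1" in ''|*[!0-9A-Fa-f]*) return 1 ;; esac
    [ $(( ${#1} % 2 )) -eq 0 ]
}

# Single-quote a value for the shell; an embedded ' becomes '\''.
sq() { printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"; }

# check_init AID PIN USER PASSWORD
# Prints one line per problem and fails, or prints the command to type.
check_init() {
    errs=0
    valid_aid "$1"    || { echo "applet ID is not whole hex bytes: $1"; errs=1; }
    [ "${#2}" -le 8 ] || { echo "PIN is longer than 8 characters"; errs=1; }
    [ "${#3}" -le 8 ] || { echo "user name is longer than 8 characters"; errs=1; }
    [ "${#4}" -le 8 ] || { echo "password is longer than 8 characters"; errs=1; }
    [ "$errs" -eq 0 ] || return 1
    printf 'smartcard -c init -A %s -P %s user=%s password=%s application=dtlogin\n' \
        "$1" "$(sq "$2")" "$(sq "$3")" "$(sq "$4")"
}

# Constructed sample input: the page's example values, then an applet ID
# with one digit too many and a nine-character password.
check_init "$AID" "$DEFAULT_PIN" xxx yyy
check_init A0000000620304000 "$DEFAULT_PIN" xxx ninechars || true
```

The PIN and password are passed as ordinary command-line arguments, so they are recorded in shell history and visible in ps output while smartcard runs.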
