Questo contenuto non è disponibile nella lingua selezionata.
3.5. Setting up a Kerberos Client for Smart Cards
			Smart cards can be used with Kerberos, but it requires additional configuration to recognize the X.509 (SSL) user certificates on the smart cards:
		
- Install the required PKI/OpenSSL package, along with the other client packages:yum install krb5-pkinit-openssl yum install krb5-workstation krb5-libs krb5-auth-dialog [root@server ~]# yum install krb5-pkinit-openssl [root@server ~]# yum install krb5-workstation krb5-libs krb5-auth-dialogCopy to Clipboard Copied! Toggle word wrap Toggle overflow 
- Edit the/etc/krb5.confconfiguration file to add a parameter for the public key infrastructure (PKI) to the[realms]section of the configuration. Thepkinit_anchorsparameter sets the location of the CA certificate bundle file.Copy to Clipboard Copied! Toggle word wrap Toggle overflow 
- Add the PKI module information to the PAM configuration for both smart card authentication (/etc/pam.d/smartcard-auth) and system authentication (/etc/pam.d/system-auth). The line to be added to both files is as follows:auth optional pam_krb5.so use_first_pass no_subsequent_prompt preauth_options=X509_user_identity=PKCS11:/usr/lib64/pkcs11/libcoolkeypk11.so auth optional pam_krb5.so use_first_pass no_subsequent_prompt preauth_options=X509_user_identity=PKCS11:/usr/lib64/pkcs11/libcoolkeypk11.soCopy to Clipboard Copied! Toggle word wrap Toggle overflow