48.3.4. How Smart Card Login Works
This section provides a brief overview of the process of logging in using a smart card.
- When the user inserts their smart card into the smart card reader, this event is recognized by the PAM facility, which prompts for the user's PIN.
- The system then looks up the user's current certificates and verifies their validity. The certificate is then mapped to the user's UID.
- This is validated against the KDC and login granted.
Figure 48.5. How Smart Card Login Works
You cannot log in with a card that has not been enrolled, even if it has been formatted. You need to log in with a formatted, enrolled card, or not using a smart card, before you can enroll a new card.
Refer to Section 48.6, “Kerberos” and Section 48.4, “Pluggable Authentication Modules (PAM)” for more information on Kerberos and PAM.