Show Table of Contents
5.9. Smart Card Authentication
Smart cards are an external hardware security feature, most commonly seen in credit cards, but also used by many businesses as authentication tokens. Smart cards can be used to protect Red Hat Virtualization virtual machines.
Procedure 5.19. Enabling Smart Cards
- Ensure that the smart card hardware is plugged into the client machine and is installed according to manufacturer's directions.
- Click the Virtual Machines tab and select a virtual machine.
- Click .
- Click the tab and select the check box.
- Click .
- Connect to the running virtual machine by clicking the icon. Smart card authentication is now passed from the client hardware to the virtual machine.
Important
If the Smart card hardware is not correctly installed, enabling the Smart card feature will result in the virtual machine failing to load properly.
Procedure 5.20. Disabling Smart Cards
- Click the Virtual Machines tab and select a virtual machine.
- Click .
- Click the tab, and clear the check box.
- Click .
Procedure 5.21. Configuring Client Systems for Smart Card Sharing
- Smart cards may require certain libraries in order to access their certificates. These libraries must be visible to the NSS library, which spice-gtk uses to provide the smart card to the guest. NSS expects the libraries to provide the PKCS #11 interface.
- Make sure that the module architecture matches spice-gtk/remote-viewer's architecture. For instance, if you have only the 32b PKCS #11 library available, you must install the 32b build of virt-viewer in order for smart cards to work.
Procedure 5.22. Configuring RHEL clients with CoolKey Smart Card Middleware
- CoolKey Smart Card middleware is a part of Red Hat Enterprise Linux. Install the
Smart card supportgroup. If the Smart Card Support group is installed on a Red Hat Enterprise Linux system, smart cards are redirected to the guest when Smart Cards are enabled. The following command installs theSmart card supportgroup:# yum groupinstall "Smart card support"
Procedure 5.23. Configuring RHEL clients with Other Smart Card Middleware
- Register the library in the system's NSS database. Run the following command as root:
# modutil -dbdir /etc/pki/nssdb -add "module name" -libfile /path/to/library.so
Procedure 5.24. Configuring Windows Clients
- Red Hat does not provide PKCS #11 support to Windows clients. Libraries that provide PKCS #11 support must be obtained from third parties. When such libraries are obtained, register them by running the following command as a user with elevated privileges:
modutil -dbdir %PROGRAMDATA%\pki\nssdb -add "module name" -libfile C:\Path\to\module.dll
Where did the comment section go?
Red Hat's documentation publication system recently went through an upgrade to enable speedier, more mobile-friendly content. We decided to re-evaluate our commenting platform to ensure that it meets your expectations and serves as an optimal feedback mechanism. During this redesign, we invite your input on providing feedback on Red Hat documentation via the discussion platform.