5.9. Smart Card Authentication
Procedure 5.19. Enabling Smart Cards
- Ensure that the smart card hardware is plugged into the client machine and is installed according to manufacturer's directions.
- Click the Virtual Machines tab and select a virtual machine.
- Click.
- Click thetab and select the check box.
- Click.
- Connect to the running virtual machine by clicking theicon. Smart card authentication is now passed from the client hardware to the virtual machine.
Important
Procedure 5.20. Disabling Smart Cards
- Click the Virtual Machines tab and select a virtual machine.
- Click.
- Click thetab, and clear the check box.
- Click.
Procedure 5.21. Configuring Client Systems for Smart Card Sharing
- Smart cards may require certain libraries in order to access their certificates. These libraries must be visible to the NSS library, which spice-gtk uses to provide the smart card to the guest. NSS expects the libraries to provide the PKCS #11 interface.
- Make sure that the module architecture matches spice-gtk/remote-viewer's architecture. For instance, if you have only the 32b PKCS #11 library available, you must install the 32b build of virt-viewer in order for smart cards to work.
Procedure 5.22. Configuring RHEL clients with CoolKey Smart Card Middleware
- CoolKey Smart Card middleware is a part of Red Hat Enterprise Linux. Install the
Smart card support
group. If the Smart Card Support group is installed on a Red Hat Enterprise Linux system, smart cards are redirected to the guest when Smart Cards are enabled. The following command installs theSmart card support
group:# yum groupinstall "Smart card support"
Procedure 5.23. Configuring RHEL clients with Other Smart Card Middleware
- Register the library in the system's NSS database. Run the following command as root:
# modutil -dbdir /etc/pki/nssdb -add "module name" -libfile /path/to/library.so
Procedure 5.24. Configuring Windows Clients
- Red Hat does not provide PKCS #11 support to Windows clients. Libraries that provide PKCS #11 support must be obtained from third parties. When such libraries are obtained, register them by running the following command as a user with elevated privileges:
modutil -dbdir %PROGRAMDATA%\pki\nssdb -add "module name" -libfile C:\Path\to\module.dll