5.9. Smart Card Authentication

Smart cards are an external hardware security feature, most commonly seen in credit cards, but also used by many businesses as authentication tokens. Smart cards can be used to protect Red Hat Virtualization virtual machines.

Procedure 5.19. Enabling Smart Cards

Ensure that the smart card hardware is plugged into the client machine and is installed according to manufacturer's directions.
Click the Virtual Machines tab and select a virtual machine.
Click Edit.
Click the Console tab and select the Smartcard enabled check box.
Click OK.
Connect to the running virtual machine by clicking the Console icon. Smart card authentication is now passed from the client hardware to the virtual machine.

Important

If the Smart card hardware is not correctly installed, enabling the Smart card feature will result in the virtual machine failing to load properly.

Procedure 5.20. Disabling Smart Cards

Click the Virtual Machines tab and select a virtual machine.
Click Edit.
Click the Console tab, and clear the Smartcard enabled check box.
Click OK.

Procedure 5.21. Configuring Client Systems for Smart Card Sharing

Smart cards may require certain libraries in order to access their certificates. These libraries must be visible to the NSS library, which spice-gtk uses to provide the smart card to the guest. NSS expects the libraries to provide the PKCS #11 interface.
Make sure that the module architecture matches spice-gtk/remote-viewer's architecture. For instance, if you have only the 32b PKCS #11 library available, you must install the 32b build of virt-viewer in order for smart cards to work.

Procedure 5.22. Configuring RHEL clients with CoolKey Smart Card Middleware

CoolKey Smart Card middleware is a part of Red Hat Enterprise Linux. Install the Smart card support group. If the Smart Card Support group is installed on a Red Hat Enterprise Linux system, smart cards are redirected to the guest when Smart Cards are enabled. The following command installs the Smart card support group:
```
# yum groupinstall "Smart card support"
```

Procedure 5.23. Configuring RHEL clients with Other Smart Card Middleware

Register the library in the system's NSS database. Run the following command as root:
```
# modutil -dbdir /etc/pki/nssdb -add "module name" -libfile /path/to/library.so
```

Procedure 5.24. Configuring Windows Clients

Red Hat does not provide PKCS #11 support to Windows clients. Libraries that provide PKCS #11 support must be obtained from third parties. When such libraries are obtained, register them by running the following command as a user with elevated privileges:
```
modutil -dbdir %PROGRAMDATA%\pki\nssdb -add "module name" -libfile C:\Path\to\module.dll
```

Where did the comment section go?

Red Hat's documentation publication system recently went through an upgrade to enable speedier, more mobile-friendly content. We decided to re-evaluate our commenting platform to ensure that it meets your expectations and serves as an optimal feedback mechanism. During this redesign, we invite your input on providing feedback on Red Hat documentation via the discussion platform.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

JBoss Development and Management

JBoss Integration and Automation

Mobile

Services

Tools

Red Hat Insights

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories

5.9. Smart Card Authentication

Where did the comment section go?