Local Login with Smartcard Certificate

Overview

This is a method for local login at the endpoint device with a smartcard holding a certificate. 

It can be used in two ways:

• As a standalone authentification method; see Standalone Authentification Method
• In combination with AD/Kerberos; see Combination with the "AD/Kerberos with Smartcard" Method (see also Passthrough Authentication). The AD/Kerberos login is tried first. If this has been successful, the login is successful. If not, login with the smartcard certificate is performed as a fallback.

For the login with a smartcard certificate, the pam_pkcs11 module is used. For reference, see https://github.com/OpenSC/pam_pkcs11.