This is a method for local login at the endpoint device with a smartcard holding a certificate.
It can be used in two ways:
- As a standalone authentification method; see Standalone Authentification Method
- In combination with AD/Kerberos; see Combination with the "AD/Kerberos with Smartcard" Method (see also Passthrough Authentication). The AD/Kerberos login is tried first. If this has been successful, the login is successful. If not, login with the smartcard certificate is performed as a fallback.
For the login with a smartcard certificate, the pam_pkcs11 module is used. For reference, see https://github.com/OpenSC/pam_pkcs11.