DOD COMMON ACCESS CARD (CAC) LOG-ON SUPPORT
807557, Jun 23 2006 — edited Sep 25 2008

Has anyone established cryptographic log-on (CLO) functionality on a Solaris 10 box? This capability is a near-term requirement for DOD systems but I haven't found anything substantive about it. This is not locally-controlled SmartCard use... the CAC is formatted and loaded by one part of the DOD environment (military DEERS/RAPIDS workstations) and is then used throughout the services. User ID, PIN, and certificates are loaded when the card is created; from then on, logon is supposed to be, "card goes in reader, user is prompted for PIN. PIN is right -> logon; PIN is wrong -> 3 strikes and your card locks." Session locking is supposed to be, "user takes card out of reader, system locks session but does not log out." I'm looking for a solution that works across SPARC platforms. Any pointers will be greatly appreciated.