Smart Card Support in Red Hat Enterprise Linux
Recent Red Hat Enterprise Linux releases see an expansion in support of the smart card related use cases. However customers usually have a mixed environment and standardize on a specific version of Red Hat Enterprise Linux for period of time. It is important to understand the evolution of the smart card related feature to plan your deployment and understand what capabilities are available in what version of the operating system.
When we talk about smart cards support there are several dimensions that need to be considered:
- Card type
- PAM module
- Identity mapping
- Advanced features
- Red Hat Enterprise Linux version
Let us first look at those areas in more details.
There are different types of cards and they require different logic to process data on the card. There are four types of cards that are supported by Red Hat Enterprise Linux: coolkey cards, CAC, PIV and PKCS#15. The support for different types of cards has been added over the time but coolkey and CAC cards have been supported since Red Hat Enterprise Linux 5. PIV and PKCS#15 was added in later releases. PIV support was added in 6.3 and then carried forward in 7.0 while PKCS#15 was added in 7.2 and was not backported to 6.x stream. Over the course of the releases other capabilities were added, for example the support of the contactless cards. Different types of cards have different capabilities. For example CAC cards have one compartment where the certificates can be stored while PIV card has multiple. For more details about the difference between the types of the cards please read corresponding documentation.
Read the entire article here, Smart Card Support in Red Hat Enterprise Linux – Red Hat Enterprise Linux Blog
Via the fine folks at Red Hat.