.\"
.\" Copyright (c) 2009 Apple Inc. All rights reserved.
.\"
.\" @APPLE_LICENSE_HEADER_START@
.\" 
.\" This file contains Original Code and/or Modifications of Original Code
.\" as defined in and that are subject to the Apple Public Source License
.\" Version 2.0 (the 'License'). You may not use this file except in
.\" compliance with the License. Please obtain a copy of the License at
.\" http://www.opensource.apple.com/apsl/ and read it before using this
.\" file.
.\" 
.\" The Original Code and all software distributed under the License are
.\" distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
.\" EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
.\" INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
.\" FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
.\" Please see the License for the specific language governing rights and
.\" limitations under the License.
.\" 
.\" @APPLE_LICENSE_HEADER_END@
.\"
.Dd August 27, 2015
.Dt pam_smartcard 8
.Os
.Sh NAME
.Nm pam_smartcard
.Nd Smartcard PAM module
.Sh SYNOPSIS
.Op Ar service-name
.Ar function-class
.Ar control-flag
pam_smartcard
.Op Ar options
.Sh DESCRIPTION
The Smartcard PAM module supports authentication function class.  In terms of the
.Ar function-class
parameter, this is
.Dq Li auth.
.Ss The Smartcard Authentication Module
This module permits or denies users based on smartcard authentication support in the Open Directory database, and the presence of an appropriate smartcard in the reader attached to the local machine. When a card is locked, the user is asked to unlock it with his PIN.
.Ss The following options may be passed to this account management module:
.Bl -tag -width Ds
.It Cm no_check_shell
Continues evaluation even if user's shell is not valid. Normally, users with a shell like /usr/bin/false are considered as disabled.
.It Cm no_ignore
Return failure when an appropriate smartcard is not present.
.El
.Sh EXAMPLE
.Bl -tag -width Ds
.Bd -unfilled
.It Ev Adding the following line on the top of the /etc/pam.d/sudo enables smartcard support for sudo:
auth   sufficient     pam_smartcard.so
.Ed
.El
.Sh SEE ALSO
.Xr pam.conf 5 ,
.Xr pam 8
.Xr SmartCardServices 7