During the login process, the smart card method needs access to the keys on the smart card. The method obtains access by opening a session with the card and specifying the PIN. The card validates the PIN and grants appropriate access.
The default procedure is to always validate the PIN, but this functionality can be turned off. Turning off PIN validation might be desirable if another application has established a public session and has previously validated the PIN.
If PIN validation is turned off, a session with the smart card is established, but the PIN is not presented to the smart card for validation. This prevents the user from needing to enter the PIN a second time.
When smart card PIN validation is off, however, the method still needs access to the keys on the smart card in order to successfully log in. If access is not granted by the smart card, login fails. Therefore, it is recommended that you turn off PIN validation only if you know another application has already validated the PIN for the card. For information on how to turn off PIN validation, see Smart Card PIN.
If you are using the Novell Client and are turning off PIN validation, you might also want to set the Novell Client properties to hide the login dialog box field. This is because the smart card PIN is not used during the login, so there is no need to show the field. For information on how to hide the login dialog box field, see (Conditional: Novell Client Login Dialog Options) Identity Plug-in Configuration.