The purpose of this document is to demonstrate how to configure CA PAM to use smart cards(PKI). In short, you have install the root and intermediate certificates into PAM, which are required by the certificate on your smart card. You will also have to install in PAM any CRLs that are required by the certificates. On the Config à Security page, you will have to enable PKI and make the PKI button visible. Your users can then attempt to login using the PKI button. There first attempt will fail, as each such CAC user must be approved by a PAM Admin. Once that is done your users will be able to login with PKI. That’s the short story. Details may be found in the attached document.