Description of problem:
Enabling smartcard in VM console properties is not enough to make smart cards work. The rest of the steps are not currently documented which causes a lot of confusion

Version-Release number of selected component (if applicable):
RHEV up to 3.6 RC

The docs could probably look as follows:

== Client system configuration for smart card sharing ===

Smart cards may require various libraries to access their certificates. This section will show how to make them visible for NSS library which spice-gtk utilizes to provide the smartcard to the guest. NSS expects the libraries to provide PKCS #11 interface.

The module architecture has to match spice-gtk/remote-viewer architecture so if you have only 32b PKCS #11 library available, you'll have to install 32b build of virt-viewer as well.

=== RHEL clients with CoolKey smart card middleware ===

CoolKey smart card middleware is a part of RHEL distribution. As such, it's enough to install <code>Smart Card Support</code> yum group and when enabled, any smart card should be redirected to the guest.

=== RHEL clients with other smart card middleware ===

The library need to be registered in system NSS database. To achieve that, you can run (as root):
<pre>
modutil -dbdir /etc/pki/nssdb -add "module name" -libfile /path/to/library.so
</pre>

=== Windows clients ===

On Windows, Red Hat doesn't provide any PKCS #11 library to access the smart card so the library has to be obtained from third party. To register the library, perform (as elevated-privileges user):
<pre>
mkdir %PROGRAMDATA%\pki\nssdb
certutil -d %PROGRAMDATA%\pki\nssdb -N
modutil -dbdir %PROGRAMDATA%\pki\nssdb -add "module name" -libfice C:\Path\to\module.dll
</pre>

The certutil and modutil commands are available as a part of virt-viewer installation, in <code>C:\Program Files[ (x86)]\VirtViewer[version]\bin\</code> directory