Depending on what you consider best practices for using a smart card, you may want the screen to lock whenever a user removes the smart card. If you want to lock the screen when a smart card is removed, you can do so by enabling the “Removing a smart card locks screen” user group policy.
To lock the smart card screen when a smart card is removed
- On a Windows computer, open Group Policy Management and select the Group Policy object where you enabled smart card support for Red Hat Linux computers; right-click the Group Policy object, then click Edit.
- In the Group Policy Management Editor, expand Computer Configuration > Policies > Centrify Settings > Linux Settings, click Security, then double-click Lock Smart Card screen for RHEL.
Select Enabled, then click OK.
Note: Policies are turned off by default on Linux systems but can be turned on with a group policy setting. To ensure that the “Removing a smart card locks screen” policy takes effect, verify that the following computer policy is enabled by completing the following two steps.
- Expand Computer Configuration > Centrify Settings > DirectControl Settings, click Group Policy Settings, then double-click Enable user group policy.
- Verify that Enabled is selected, and if not, select it, then click OK.
To apply the group policy “Lock Smart Card screen for RHEL” immediately to any computer you must restart the computer or run the adgpupdate command on it.
Otherwise, all affected computers will be updated automatically at the next group policy update interval. After computers are restarted or receive the policy update, the screen is locked if a smart card is removed.