Verifying smart card authentication

After you enable smart card support, you should verify that a user is able to authenticate with a smart card on a Red Hat Linux computer.

To verify smart card authentication:

  1. On the Red Hat Linux computer, run the following command to check the status of smart card support:

    [root]#sctool --status 
    Centrify DirectControl Smart Card support is enabled.

    Note:   On Red Hat Linux computers, when enabling smart card support, the agent bypasses the native, Red Hat, smart card infrastructure. Therefore, after you enable smart card with the agent (through the group policy setting or the sctool command), the sctool --status command will show that smart card is enabled but the Red Hat system (GNOME: System > Administration > Authentication > Authentication) might show that it is not enabled. You can ignore the GNOME setting because it is for native smart card authentication, not the authentication used by the agent.

  2. Click System > Administration > Smart Card Manager.

  3. Insert the smart card in the reader and click View Certificates.
  4. Double-click the certificate for a user account that has a profile in the zone the Red Hat Linux computer has joined, for example, JOBS.BILL.20013.

  5. Scroll to find the NT Principal name; for example:

    NT Principal Name jbill.20013@myDomain.com
  6. On a Windows computer, open Activity Directory Users and Computers or the Access Manager console. For example, in the Access Manager console, navigate to the zone that the Red Hat Linux computer has joined and open UNIX Data > Users, then double-click the user.

    The NT Principal name in the certificate should match the login name in the Centrify UNIX profile, or in the Active Directory Account tab.

  7. Log out of the Red Hat computer.
  8. Re-insert the smart card in the reader and enter the user’s PIN.