Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >

KB-2434: Enabling sudo for users on a smart-card-only machine.

Mac & PC Management Service ,  

15 March,18 at 05:42 PM


Is it possible to enable sudo for users on a smart-card-only machine?


Yes. For machines that are solely smart-card-required - the only way to do this is to set the "nopasswd" flag for specified users.
  • When the per-user "Smart card required to log in" setting is checked in ADUC (as opposed to the per-machine GP setting), the user's password is deleted from Active Directory, so no password exists to be entered.
  • The ‘passwd’ flag in sudoers is set to prevent users from leaving their workstation and then another person coming and using sudo on the system.
  • With smart cards, the ideal situation is whenever the user leaves the workstation; they will also take the smartcard with them (this event can be set to auto-lock the system via group policy).

See also: