Centrify DirectControl for Mac OS XQuestion:
- Centrify for Mac has been installed and Smart Card Services are enabled.
- When a CAC card is inserted and the correct PIN entered, the login window shakes.
- The diagnostic check from the Centrify Smart Card Tool verifies that the card is correctly showing the ID certificate to be valid for pkinit.
- The following Terminal commands were also ran against the card:
- # sctool -k username@domain
- Could not find identity for username@domain: errKCItemNotFound / errSecItemNotFound
- # sctool -k [UPN of same account]
- krb5_get_init_creds_pkinit failed: Malformed representation of principal
What is wrong with the card and why do these errors show?Answer:
This can happen if the AD account attributes for UPN and alternate UPN are not configured correctly in ADUC.
This issue can also be reproduced if CACKey is installed on the same system and can interfere with regular functions at the login window.
It is recommended to uninstall CACKey and the login window should return to expected behaviour:
Please see the following site for how to uninstall CACKey:
For additional smart card troubleshooting tips, please see the following KB:
(All external links provided as a courtesy)