Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-3173: How can an AD user who is only allowed Smart Card logons, access UNIX machines?

Centrify DirectControl ,  

13 March,17 at 02:30 PM

Applies to: All versions of Centrify DirectControl on RHEL platforms

 
Question:
 
An AD user is allowed to logon with a Smart Card only.
 
How can this user access UNIX machines?

 
Answer:
 
If the AD user only has Smart Card-based logons to Windows machines (i.e. has NO Username/Password option), and needs access to a UNIX machine joined to AD via CDC, use the following method to access the UNIX machine:
  • Login to the Windows machine using the Smart Card, then use a SSH session (Putty etc.) to login to the UNIX machine.
The Smart Card login will enable the pkinit, and in turn use the Kerberos-based login to the UNIX machine using a session (e.g. Putty, etc) thus bypassing a need for a username/password login. 
 
 
With Centrify version 5.x, smart cards are only supported on RedHat Linux systems (and Mac systems).
 
For further details, please see the following KB:
KB-3142: Smart Card logon support on Red Hat Environments

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.