Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >

KB-3173: How can an AD user who is only allowed Smart Card logons, access UNIX machines?

Authentication Service ,  

13 March,17 at 02:30 PM

Applies to: All versions of Centrify DirectControl on RHEL platforms

An AD user is allowed to logon with a Smart Card only.
How can this user access UNIX machines?

If the AD user only has Smart Card-based logons to Windows machines (i.e. has NO Username/Password option), and needs access to a UNIX machine joined to AD via CDC, use the following method to access the UNIX machine:
  • Login to the Windows machine using the Smart Card, then use a SSH session (Putty etc.) to login to the UNIX machine.
The Smart Card login will enable the pkinit, and in turn use the Kerberos-based login to the UNIX machine using a session (e.g. Putty, etc) thus bypassing a need for a username/password login. 
With Centrify version 5.x, smart cards are only supported on RedHat Linux systems (and Mac systems).
For further details, please see the following KB:
KB-3142: Smart Card logon support on Red Hat Environments