Centrify

Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-3531: PIV card cannot login after certificate renewal

Centrify DirectControl ,   Centrify Identity Service, Mac Edition ,  

30 September,16 at 03:30 PM

Applies to:  All versions of Centrify DirectControl using smart cards

 
 

Question:

 AD users are able to authenticate and login with their PIV cards. When the certificate is renewed, the user can no longer login with the PIV card and the login shakes.

How can renewed certificates be re-accepted on the systems?

 
 

Answer:

Run the following commands to clear out any cached tokens:

 

sudo rm -rf /var/db/TokenCache/tokens

sudo mkdir /var/db/TokenCache/tokens

 

Remove and re-insert the card, the system should re-cache the certificates from the card with the updated information.

 

 

See the following KB for other smart card troubleshooting tips:

 

  • KB-3018: Troubleshooting smart card issues on Mac systems

 

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.

Related Articles

 articleKB-3018: Troubleshooting smart card issues on Mac systems articleKB-5316: How to configure smart card authentication for SSH from Mac to Linux articleKB-7555: Unable to login as root after upgrade to Centrify Suite 2016 (CDC 5.3.0) articleKB-3925: How to add Centrify parameter to a group policy articleKB-6642: Getting started with 802.1X for Mac - Configuration Overview articleKB-2466: No PIN prompt when using Smart Card articleKB-5961: How to enable Smart Card login on RHEL 7 articleKB-6050: How to configure a group for automatic Kerberos Credentials for infinite renewal? articleKB-6044: How to configure users for automatic Kerberos Credentials for infinite renewal even after users have logged out?