30 September,16 at 03:30 PM
Applies to: All versions of Centrify DirectControl using smart cards
Question:
AD users are able to authenticate and login with their PIV cards. When the certificate is renewed, the user can no longer login with the PIV card and the login shakes.
How can renewed certificates be re-accepted on the systems?
Answer:
Run the following commands to clear out any cached tokens:
sudo rm -rf /var/db/TokenCache/tokens
sudo mkdir /var/db/TokenCache/tokens
Remove and re-insert the card, the system should re-cache the certificates from the card with the updated information.
See the following KB for other smart card troubleshooting tips:
[Labs] Using YubiKey (PIV or OATH OTP) to Secure Centrify Identity Service and Privilege Service
[Howto] Set up Centrify Identity Service or Privilege Service for MFA using Smart Card
[Labs] New Series: Strong Authentication using Centrify/MS PKI/OATH for Servers, Apps, SAPM/PSM
KB-7555: Unable to login as root after upgrade to Centrify Suite 2016 (CDC 5.3.0)
[Labs] Using Centrify+AD+YubiKey to secure UNIX/Linux access with Strong Authentication
How to set up smart card authentication for PAS portal login
[Labs] Using Centrify+Yubikey for Strong Authentication for Windows Access and Privilege Elevation
Centrify Cloud 16.9 Release Notes
Centrify 18.7 Release Notes