Applies to:
All versions of Centrify DirectControl
Question:
When running sctool -s command, the following message occurs
"Cannot determine Centrify Smart Card status. Make sure that Centrify is installed correctly and this computer is joined a domain correctly, or contact a system administrator."
When running sctool -e and response was "Starting PC/SC smart card daemon (pcscd)".
The card reader is ACS ACR3801.
All packages were verified and installed from the Centrify website link https://www.centos.org/docs/5/html/5.2/Deployment_Guide/sso-sc-config.html.
System was rebooted too.
Running "dmesg" command showed device loading configuration for smart card reader.
Answer:
The issue is that in /etc/pam.d/kscreensaver, the customer had this line:
auth include system-auth try_first_pass
instead of what we expect which is:
auth include system-auth
Basically our pam stack modifier doesn't recognize any lines in kscreensaver and says that the status of the kscreensaver pam file is unknown and so
sctool exits out and doesn't make any modifications to any pam lines in any of the files.
Centrify verified that on a RHEL 6.5 VM with KDE desktop, the "try_first_pass entry" is not included in the /etc/pam.d/kscreensaver file. It was added manually.
auth include system-auth
Note:
This also applies to /etc/pam.d/gnome-screensaver