KB-7159: Smartcard login not working on system that has been hardened

Authentication Service

22 September,16 at 04:27 PM

Applies to:

All Versions of Centrify DirectControl on RHEL and CentOS


When logging in to a machine that is configured to use smart cards and has hardening (STIG) scripts applied, the smart card PIN prompt does not appear. The only option is to use a username and password.


Most hardening (STIG) scripts change the root user's umask from the default of 022 to 077. When 'sctool -e' is run, it updates the file /etc/sysconfig/authconfig, which originally has file permissions of 0644. Because the update is made by the root account, whose umask is now 077, the file is left with permissions of 0600 after it is modified.

In a hardened environment, the GDM GUI is also usually set to run with a non-privileged (non-root) account.

Because /etc/sysconfig/authconfig is now set to 0600, the GDM GUI user is unable to read that file and therefore fails to prompt for a smart card login.


Change the file permissions of the /etc/sysconfig/authconfig file back to 0644. The smart card PIN prompt should then appear when logging in.

To change the permissions on /etc/sysconfig/authconfig, run the following command:
chmod 644 /etc/sysconfig/authconfig

Verify the permissions have been changed by running:
ls -al /etc/sysconfig/authconfig

The permissions should look like the following:
-rw-r--r--. 1 root root 396 Sep 22 07:55 /etc/sysconfig/authconfig
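
The following is an added example, not Centrify code: it reproduces the cause on a scratch file (a config file rewritten under umask 077 ends up 0600) and then applies the check and chmod from the resolution. The function names, the sample file content and the create-then-rename rewrite are assumptions made for illustration; how sctool itself writes the file is not described in this article.

```sh
#!/bin/sh
# Added example: works on a temporary file only, never on /etc/sysconfig.

# Print the 10-character mode string, e.g. "-rw-r--r--" (as shown by ls -l).
perm_string() {
    ls -ld "$1" | cut -c1-10
}

# Stand-in for a tool that rewrites a config file: create a new file under
# the given umask, then rename it over the original (assumed behaviour).
rewrite_with_umask() (
    umask "$2"
    cat "$1" > "$1.new"      # new file mode is 0666 masked by the umask
    mv -f "$1.new" "$1"      # rename keeps the new file's mode
)

# Succeed if "other" has read permission (8th character of the mode string).
other_can_read() {
    case "$(perm_string "$1")" in
        ???????r*) return 0 ;;
        *)         return 1 ;;
    esac
}

# Restore 0644 only when a non-owner account could not read the file.
ensure_other_readable() {
    if ! other_can_read "$1"; then
        chmod 644 "$1"
    fi
}

demo() (
    dir=$(mktemp -d)
    f="$dir/authconfig"
    ( umask 022; echo 'EXAMPLE_SETTING=yes' > "$f" )   # constructed content
    echo "default umask 022:   $(perm_string "$f")"
    rewrite_with_umask "$f" 077
    echo "rewritten under 077: $(perm_string "$f")"
    ensure_other_readable "$f"
    echo "after the fix:       $(perm_string "$f")"
    rm -rf "$dir"
)

demo
```

Because the hardened umask stays in place, the same check is worth repeating after any later run of 'sctool -e' as root.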