Users Guide
Configuring Smart Card Authentication 143
Table 7-1. Smart Card Settings
Setting Description
Configure Smart Card
Logon
• Disabled — Disables Smart Card logon. Subsequent
logins from the graphical user interface (GUI) display
the regular login page. All command line out-of-band
interfaces including secure shell (SSH), Telnet,
Serial, and remote RACADM are set to their default
state.
• Enabled — Enables Smart Card logon. After applying
the changes, logout, insert your Smart Card and then
click
Login
to enter your Smart Card PIN. Enabling
Smart Card logon disables all CLI out-of-band
interfaces including SSH, Telnet, Serial, remote
RACADM, and IPMI over LAN.
• Enabled with Remote Racadm — Enables Smart
Card logon along with remote RACADM. All other
CLI out-of-band interfaces are disabled.
NOTE: The Smart Card logon requires you to configure
the local DRAC 5 users with the appropriate certificates.
If the Smart Card logon is used to log in a Microsoft
Active Directory user, then you must ensure that you
configure the Active Directory user certificate for that
user. You can configure the user certificate in the
Users→ User Main Menu page.
Enable CRL check for
Smart Card Logon
This check is available only for Active Directory login
users. Select this option if you want the DRAC 5 to
check the Certificate Revocation List (CRL) for
revocation of the user's Smart Card certificate.
The user will not be able to login if:
• The user certificate is listed as revoked in the CRL
file.
• DRAC is not able to communicate with the CRL
distribution server.
• DRAC is not able to download the CRL.
NOTE: You must correctly configure the IP address of
the DNS server in the Configuration→ Network page for
this check to succeed.