Users Guide
156 Configuring Smart Card Authentication
Table 9-1. Smart Card Settings
Setting Description
Configure Smart Card
Logon
• Disabled — Disables Smart Card logon. Subsequent logins
from the graphical user interface (GUI) display the regular
login page. All command line out-of-band interfaces
including secure shell (SSH), Telnet, Serial, and remote
RACADM are set to their default state.
• Enabled — Enables Smart Card logon. After applying the
changes, logout, insert your Smart Card, enter your Smart
Card PIN, and then click
Login
to log on to the DRAC.
Enabling Smart Card logon disables all CLI out-of-band
interfaces including SSH, Telnet, Serial, remote RACADM,
and IPMI over LAN.
• Enabled with Remote Racadm — Enables Smart Card logon
along with remote RACADM. All other CLI out-of-band
interfaces are disabled.
NOTE: The Smart Card logon requires you to configure the local
DRAC 5 users with the appropriate certificates. If the Smart
Card logon is used to log in a Microsoft Active Directory user,
then you must ensure that you configure the Active Directory
user certificate for that user. You can configure the user
certificate in the Users User Main Menu page.
Enable CRL check for
Smart Card Logon
This check is available only for Smart Card local users. Select
this option if you want the DRAC to check the Certificate
Revocation List (CRL) for revocation of the user's Smart
Card certificate. For the CRL feature to work, the DRAC
must have a valid DNS IP address configured as part of its
network configuration. You can configure the DNS IP address
in DRAC under Remote Access Configuration Network.
The user will not be able to login if:
• The user certificate is listed as revoked in the CRL file.
• DRAC is not able to communicate with the CRL
distribution server.
• DRAC is not able to download the CRL.
NOTE: You must correctly configure the IP address of the DNS
server in the Configuration Network page for this check
to succeed.