Users Guide
168 Configuring Smart Card Authentication
Table 8-1. Smart Card Settings
Setting Description
Configure Smart Card
Logon
• Disabled — Disables Smart Card logon. Subsequent
logins from the graphical user interface (GUI) display
the regular login page. All command line out-of-band
interfaces including secure shell (SSH), Telnet, Serial,
and remote RACADM are set to their default state.
• Enabled — Enables Smart Card logon. After applying
the changes, logout, insert your Smart Card and then
click
Login
to enter your Smart Card PIN. Enabling
Smart Card logon disables all CLI out-of-band interfaces
including SSH, Telnet, Serial, remote RACADM,
and IPMI over LAN.
• Enabled with Remote Racadm — Enables Smart Card
logon along with remote RACADM. All other CLI
out-of-band interfaces are disabled.
NOTE: The Smart Card logon requires you to configure the
local iDRAC6 users with the appropriate certificates. If the
Smart Card logon is used to log in a Microsoft Active
Directory user, then you must ensure that you configure the
Active Directory user certificate for that user. You can
configure the user certificate in the Users→ User Main
Menu page.
Enable CRL check for
Smart Card Logon
This check is available only for Active Directory login
users. Select this option if you want the iDRAC6 to check
the Certificate Revocation List (CRL) for revocation of
the user's Smart Card certificate.
The user will not be able to login if:
• The user certificate is listed as revoked in the CRL file.
• iDRAC6 is not able to communicate with the CRL
distribution server.
• iDRAC6 is not able to download the CRL.
NOTE: You must correctly configure the IP address of the
DNS server in the Configuration→ Network page for this
check to succeed.