Users Guide
172 Configuring Smart Card Authentication
NOTE: Dell recommends that the iDRAC6 administrator use the Enable with
Remote Racadm setting only to access the iDRAC6 Web-based interface to
run scripts using the remote RACADM commands. If the administrator does
not need to use the remote RACADM, Dell recommends the Enabled setting
for Smart Card logon. Also, ensure that the iDRAC6 local user configuration
and/or Active Directory configuration is complete before enabling Smart
Card Logon.
•
Disable
Smart Card configuration (default). This selection disables the
TFA Smart Card Logon feature and the next time you login to the
iDRAC6 GUI, you will be prompted for a Microsoft
®
Active Directory
®
or
local logon username and password, which occurs as the default login
prompt from the Web interface.
•
Enable CRL check for Smart Card Logon
, the user's iDRAC certificate,
which is downloaded from the Certificate Revocation List (CRL)
distribution server is checked for revocation in the CRL.
NOTE: The CRL distribution servers are listed in the Smart Card certificates of
the users.
Configuring Local iDRAC6 Users for
Smart Card Logon
You can configure the local iDRAC6 users to log into the iDRAC6 using the
Smart Card. Click Remote Access→ Configuration→ Users.
However, before the user can log into the iDRAC6 using the Smart Card,
you must upload the user's Smart Card certificate and the trusted Certificate
Authority (CA) certificate to the iDRAC6.
Exporting the Smart Card Certificate
You can obtain the user's certificate by exporting the Smart Card
certificate using the card management software (CMS) from the Smart Card
to a file in the Base64 encoded form. You can usually obtain the CMS from
the vendor of the Smart Card. This encoded file should be uploaded as the
user's certificate to the iDRAC6. The trusted Certificate Authority that
issues the Smart Card user certificates should also export the CA certificate
to a file in the Base64 encoded form. You should upload this file as the