Users Guide
174 Configuring Smart Card Authentication
Table 8-1. Smart Card Settings
Setting Description
Configure Smart Card
Logon
•
Disabled
— Disables Smart Card logon. Subsequent logins
from the graphical user interface (GUI) display the regular
login page. All command line out-of-band interfaces
including secure shell (SSH), Telnet, Serial, and remote
RACADM are set to their default state.
•
Enabled
— Enables Smart Card logon. After applying the
changes, logout, insert your Smart Card and then click
Login
to enter your Smart Card PIN. Enabling Smart Card
logon disables all CLI out-of-band interfaces including SSH,
Telnet, Serial, remote RACADM, and IPMI over LAN.
•
Enabled with Remote Racadm
— Enables Smart Card
logon along with remote RACADM. All other CLI out-of-
band interfaces are disabled.
NOTE: The Smart Card logon requires you to configure the
local iDRAC6 users with the appropriate certificates. If the
Smart Card logon is used to log in a Microsoft Active Directory
user, then you must ensure that you configure the Active
Directory user certificate for that user. You can configure the
user certificate in the Users→ User Main Menu page.
Enable CRL check for
Smart Card Logon
This check is available only for Smart Card local users. Select
this option if you want iDRAC6 to check the Certificate
Revocation List (CRL) for revocation of the user's Smart
Card certificate. For the CRL feature to work, the iDRAC6
must have a valid DNS IP address configured as part of its
network configuration. You can configure the DNS IP address
in iDRAC6 under Remote Access→ Configuration→
Network.
The user will not be able to login if:
• The user certificate is listed as revoked in the CRL file.
• iDRAC6 is not able to communicate with the CRL
distribution server.
• iDRAC6 is not able to download the CRL.
NOTE: You must correctly configure the IP address of the
DNS server in the Configuration→ Network page for this
check to succeed.