Disabling Smart Card Support

If you want to disable smart card support, you must disable the group policies you configured to establish smart card authentication.

To Disable Smart Card Support by Using Group Policy

1. Edit the Group Policy object linked to the site, domain, or OU that includes Red Hat Linux computers.

2. Expand Computer Configuration > Policies > Delinea Settings > Linux Settings, click Security, then double-click Enable smart card support.

3. Select Disabled and click OK.

   When the policy takes effect, smart card strings are removed from /etc/pam.d/system-auth on Red Hat Enterprise Linux 5.6 and /etc/pam.d/smartcard-auth and /etc/pam.d/gnome-screensaver on Red Hat Enterprise Linux 6.0.

4. Expand Computer Configuration > Policies > Delinea Settings > Linux Settings, click Security, then double-click Lock Smart Card screen for RHEL.

5. Select Disabled and click OK.

6. To apply these group policies immediately to any computer, restart the computer or run the adgpupdate command on it.

   Otherwise, all affected computers will be updated automatically at the next group policy update interval. After computers are restarted or receive the policy updates, they are no longer enabled for smart card use.

To Disable Smart Card Support by Running sctool

1. Log on to a Red Hat computer with root privilege and open a terminal window.

2. Run the sctool utility with the --disable option:

   [root]$ sctool --disable

3. Repeat steps 1 and 2 for each computer on which to disable smart card authentication.

   If you originally enabled smart card support through group policy by setting “Enable smart card support” you cannot disable it by using sctool --disable. Although this command will temporarily disable smart card support, it will be re-enabled by the policy at the next group policy update interval. To permanently disable smart card support, you must disable Enable smart card support as described in the previous procedure, To disable smart card support by using group policy.