Chat now with support
Chat with Support

Safeguard Authentication Services 4.1.5 - Authentication Services for Smart Cards Administration Guide

One Identity Privileged Access Suite for Unix Introducing Authentication Services for Smart Cards Installing Authentication Services for Smart Cards Configuring Authentication Services for Smart Cards
Configuring the vendor’s PKCS#11 library Configuring the card slot for your PKCS#11 library Configuring PAM applications for smart card login Configuring certificates and CRLs
Testing Authentication Services for Smart Cards Troubleshooting

Disable remote login

One Identity recommends that you disable remote login for GDM by disabling the X display manager control protocol (XDMCP). XDMCP is disabled by default; however, you can manually disable XDMCP.

Edit the GDM configuration file manually

To edit the GDM Configuration file manually

  1. Open the GDM configuration file.

    This file is typically located at /etc/X11/gdm/gdm.conf, however "local" settings may take precedence. You can find the local settings in /etc/X11/gdm/factory-gdm.conf file.

  2. Look for the [XDMCP] section and verify that the Enable property is either not present, commented out, or is set to false, as follows:
    [XDMCP]
    Enable=false.

    Note: Whether modifying the GDM configuration manually or by using the graphical user interface, you must restart GDM.

Edit the GDM configuration file With the graphical application

GDM includes a graphical application that you can use to configure GDM. The following steps document how to disable remote log in with this application:

To disable remote login

  1. Run /usr/bin/gdmsetup.
  2. Click the XDMCP tab.
  3. Verify that the Enabled XDMCP is not selected.

Note: Whether modifying the GDM configuration manually or by using /usr/bin/gdmsetup, you must restart GDM.

Use GDM with a smart card

To perform smart card login by means of Gnome Display Manager (GDM)

  1. Insert your smart card.
  2. Enter your username or UPN at the Username: prompt, if required.

    Note: GDM permits a null entry. An unspecified username allows the pam_vas_smartcard module to obtain the username from the smart card itself.

  3. Enter your PIN at the Password: prompt.
  4. Click the Login button.
Related Documents