cancel
Showing results for 
Search instead for 
Did you mean: 
Ehausgaard
New member
3 2 0 0
Message 1 of 5
700
Flag Post

zcentral re-login with smartcard prompts for system password

HP Recommended
Zcentral
Linux

I support users who remotely connect from Windows PC to Linux (RHEL7) systems using Zcentral and RGS. 

when the user logs in the first time, the smartcard is read and access is given.  If the users disconnects, however,  Zcentral asks for username and password.  Bypassing the smartcard. 

4 REPLIES 4
KellyRGS
Level 7
Level 7
668 659 51 66
Message 2 of 5
Flag Post
HP Recommended

I need more details this issue.  I am  guessing you are using smart card redirection from Windows to Linux.  When you disconnect, are you signing out, or just disconnecting with the X?  You are then reconnecting with Remote Boost. This should take them to their lock screen.  


I would expect the lock screen to be able to unlock with the smart card, but don't know that for sure.  It could depend on how the system is configured.

It could depend on what is used to lock the screen and what PAM service is used to unlock.

 

Smart card redirection can be used with standard authentication and Easy Login, cannot be used with Single Sign On.  Did you review the smart card section in the user guide? Smart card starts at page 37 in the attached user guide.

I am an HP employee.
Was this reply helpful? Yes No
Ehausgaard
Author
New member
3 2 0 0
Message 3 of 5
Flag Post
HP Recommended

The user will disconnect the X session.   when (s)he logs in the next time, (s)he gets both prompts. 

I have easy login and smartcard redirection turned on.   the initial session only authenticates via the desktop. [what we want]

the second session will prompt for user/passwd and then host authentication.   [we don't want the user/passwd prompt]

 

what does the PAM stack need to look like to avoid the ZCentral login and only use the system login?

Was this reply helpful? Yes No
KellyRGS
Level 7
Level 7
668 659 51 66
Message 4 of 5
Flag Post
HP Recommended

Let me do a little testing on this.  From what I understand, if no one is signed in the sender, a receiver connects with Easy Login enabled, then the first step of authentication will be skipped, and you only need to present credentials at the desktop.  However, if a user disconnects, then I think you are prompted twice. 

I am an HP employee.
Was this reply helpful? Yes No
Ehausgaard
Author
New member
3 2 0 0
Message 5 of 5
Flag Post
HP Recommended

" However, if a user disconnects, then I think you are prompted twice. "

is this a feature?  If so, it is not desired since we don't want users to authenticate without using the Multi-Factor Authentication of the Linux host.  We want RGS/ZCentral to ALWAYS pass to the Linux host for Authentication. 

Was this reply helpful? Yes No
Warning Be alert for scammers posting fake support phone numbers and/or email addresses on the community. If you think you have received a fake HP Support message, please report it to us by clicking on "Flag Post".
† The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation