Centrify Now Supports Smart Card Authentication for Red Hat Linux

Today we announced smart card authentication support for Red Hat Linux. The new offering from Centrify will help in particular Federal organizations deploying Red Hat systems meet Homeland Security Presidential Directive 12 (HSPD-12) which calls for a mandatory, government-wide standard for reliable and secure forms of ID issued by the federal government to its employees and employees of federal contractors for access to federally controlled networks and facilities. Couple that with our support for FIPS 140-2 encryption and you now have a secure, standards-based Linux desktop platform for federal workers.

Some of the key features include:

  • Smart card authentication to Active Directory is supported on Red Hat Linux version 5.6 or greater (32 and 64 bit). Users can authenticate to the Red Hat Desktop by inserting their smart card into the reader and entering their secure PIN. The smart card and pin will be authenticated to Active Directory and the user will be logged in to the computer. That means you get single sign-on across platforms using one User ID and one smartcard. Supported smart cards include the Personal Identity Verification (PIV) card, the Common Access Card (CAC) and the CAC Next Generation (CAC NG) card.
    Centrify Smart Card Authentication
  • FIPS 140-2 Encryption support
  • Configuration settings controlled by Group Policy. You can control the following settings:
    • Require smart card authentication on Red Hat Linux
    • Lock the desktop automatically when smart card is removed
    • Enable FIPS 140-2 encryption
  • Automated download for root and intermediate certificates in the domain. The Chain of Trust of a Certificate Chain is an ordered list of certificates, containing an end-user subscriber certificate and intermediate certificates that enables the receiver to verify that the sender and all intermediates certificates are trustworthy. The trust anchor for the digital certificate is the Root Certificate Authority. This hierarchy of intermediate and root certificates are downloaded automatically from Active Directory when the computer joins the domain. The expiration dates for these certificates are periodically checked and they are refreshed automatically when the expiration date is near.

How to get it, more info, etc.: