Enable smart card support for sudo

If a user is configured correctly in the sudoer file and a smart card that corresponds to the user is presented at the time sudo is run, sudo will ask for PIN instead of the user password to unlock the card to authenticate the user.

This policy only works if smart card support is enabled.

Note that if the smart card is already unlocked at the time sudo is run, sudo will not prompt for PIN to authenticate the user.

This feature only works on OS X 10.11.2 or later.

Once enabled, this policy takes effect dynamically at the next group policy refresh interval.

Supported on:

Registry PathSoftware\Policies\Centrify\CentrifyDC\Settings\Mac\Security
Value NameSmartCardSudoEnabled
Value TypeREG_SZ
Enabled ValueYES
Disabled ValueNO


Administrative Templates (Computers)

Administrative Templates (Users)