The preference "Require Smart Card is present for SSO and administrative operations"is set to 'no' and cannot be changed because it is grayed out in the management console.
This is working as designed. Some SecureLogin preferences are linked to others with intelligence built in to assist administrators. The preference is grayed out on purpose and cannot be changed if the "Lost Card" scenario is set to "Allow Passphrase"
This would imply the smart card does NOT have to be present and the two preferences would contradict each other.