Re[2]: Relative Security Provided by Cached Domain Credentials?
From: Vyacheslav Ponomarenko (VPonomarenko_at_taos.com)
Date: 05/26/04
- Previous message: Langston, Fred: "RE: Relative Security Provided by Cached Domain Credentials?"
- In reply to: Kim Oppalfens: "RE: Relative Security Provided by Cached Domain Credentials?"
- Next in thread: Nicolas RUFF (lists): "Re: Relative Security Provided by Cached Domain Credentials?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 25 May 2004 20:13:54 -0700 To: focus-ms@securityfocus.com
Kim,
When you use EFS on a file server it encrypts/decrypts data on user's
behalf via delegation. Thus it can only access keys stored in user's
profile.
Vyacheslav
Tuesday, May 25, 2004, 6:56:01 AM, you wrote:
KO> I have seen mentioned the use of smartcards for efs certificates in this
KO> thread a couple of times.
KO> Although it would be nice in theory it was my understanding that this cannot
KO> be used at present because not thought about in the efs API, so during
KO> decreption or encryption for that matter only the personal certificate store
KO> is checked for a key, not any smartcard related stuff.
KO> At least that is what I understood about efs and smartcards.
KO> Has any of you actually tested the smartcard solution, or it this how you
KO> would theoratically handle it?
KO> Kim Oppalfens
---------------------------------------------------------------------------
---------------------------------------------------------------------------
- Previous message: Langston, Fred: "RE: Relative Security Provided by Cached Domain Credentials?"
- In reply to: Kim Oppalfens: "RE: Relative Security Provided by Cached Domain Credentials?"
- Next in thread: Nicolas RUFF (lists): "Re: Relative Security Provided by Cached Domain Credentials?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
