smartcard authentication in Linux KDC realm
From: Michal Straczynski (mstraczynski_at_o2.pl)
Date: 08/25/04
- Next message: Michael Sim: "Problem in Replacing the Existing Certificate with Renewed Certificate"
- Previous message: Pavel Lebedinsky: "Re: HELP! CreateProcessWithLogonW issue"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 25 Aug 2004 01:18:44 -0700
Hello,
1. I would like to configure environment where users can logon to a
Kerberos realm in Linux KDC (Heimdal with PKINIT patch) from Windows
2000 workstations via smartcard logon.
Till now I've already succesfuly tested two configurations:
1) Windows workstations authenticating to the Kerberos realm,
2) the smartcard logon from the Windows workstations to the Windows
domain.
However when I tested the smartcard logon from a Windows
workstation to the Kerberos KDC, the workstation initiates a normal
password logon to the Linux KDC instead of smartcard logon. It seems
that
the workstation won't use Kerberos PKINIT if it isn't in a Windows
domain, am I wright?
2. If it is true than I will have to write the custom GINA logon
module that uses SC reader and authenticates users in Kerberos realm.
I wonder if I could use MS Kerberos SSP/AP, for authentication in this
scenario? Or does MS Kerberos PKINIT implementation require Active
Directory?
Regards,
Michal Straczynski
- Next message: Michael Sim: "Problem in Replacing the Existing Certificate with Renewed Certificate"
- Previous message: Pavel Lebedinsky: "Re: HELP! CreateProcessWithLogonW issue"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
