Re: Disabled Smartcard logon?

Sektor
Date: 01/12/05

  • Next message: Didier Wenger: "Exportable PK for smartcard templates" 
    Date: Wed, 12 Jan 2005 09:44:02 +0100

    Ok, ignore previous message.
    I didn't read you were sure that the application causing the problem.
    Sorry.
    Bye.

    <Sektor> wrote in message news:uMxTlFI%23EHA.2580@TK2MSFTNGP15.phx.gbl...
    > If I not mistaken the Smartcard Logon is enabled only if your PC is in a
    > domain.
    > So if your machine is not joined to a domain no options will be displayed.
    >
    > Hope that's help.
    > Sektor
    >
    > "Mats Pettersson" <MatsPettersson@discussions.microsoft.com> wrote in
    > message news:5D38E15E-80E9-4EF9-A45E-3494826234BD@microsoft.com...
    >> Yes, the vendor supplies such service and I'm already using it in my
    >> calls
    >> from the csp. The problem I'm having is that the service/app somehow
    >> prevents
    >> the Smartcard Logon GINA option from being displayed. The system does not
    >> react to a smartcard insertion, which makes it impossible for me to test
    >> my
    >> csp for winlogon.
    >>
    >> - Is there another way to stop Windows from displaying the "Put in a
    >> smartcard" message during logon? For example a registry setting?
    >>
    >> - Any idea how I can enable it again?
    >>
    >> Thanks
    >> /Mats
    >>
    >>
    >> "lelteto" wrote:
    >>
    >>> Well, EXCLUSIVE mode is exclusive mode, ie. once you opened the read
    >>> with
    >>> exclusive mode others cannot connect. That is how it should be anyway.
    >>> When
    >>> this is the case and you want to use the card from more than one app /
    >>> service you need to create a dedicated SERVICE which mediates access to
    >>> the
    >>> card. Applications (including GINA) should connect to the service, not
    >>> directly to the reader.
    >>> Ask the vendor if they have such service which you can use from your CSP
    >>> code.
    >>>
    >>> Laszlo Elteto
    >>> SafeNet, Inc.
    >>>
    >>> "Mats Pettersson" wrote:
    >>>
    >>> > Hi,
    >>> > I'm writing a CSP to be used for Smartcard Logon in Windows XP. I also
    >>> > have
    >>> > an other application and service that connects to my smartcard reader
    >>> > with
    >>> > SCardConnect with the option EXCLUSIVE MODE. All my calls to the
    >>> > smartcard
    >>> > goes throw this application.
    >>> >
    >>> > The problem I'm having is that the GINA does not react when a
    >>> > smartcard
    >>> > reader is present, ones my security services sets the reader in
    >>> > exclusive
    >>> > mode. Hence the option press "Ctrl - Alt - delete" or "put in a Smart
    >>> > card"
    >>> > is not shown just the default "Ctrl-Alt-Delete". This makes it
    >>> > impossible for
    >>> > me to use SmartCard Login.
    >>> >
    >>> > I have written a test code and the low level calls
    >>> > SCardEstablishContext,
    >>> > SCardListReaders, SCardGetStatusChange works. I installed a pt-GINA
    >>> > and made
    >>> > the listed calls from there and they all worked (after the application
    >>> > started).
    >>> >
    >>> > But I still encounter the same problem that only the default message
    >>> > is
    >>> > displayed. Or to be more precise the "Put in a smart card" message is
    >>> > shown
    >>> > for about a second then the security service starts and only the
    >>> > default
    >>> > message is displayed.
    >>> >
    >>> > I have been in contact with the vendor and according to them the only
    >>> > thing
    >>> > they do is connecting to the smartcard in EXCLUSIVE MODE. I have also
    >>> > removed
    >>> > there application/service and then every thing worked fine. I'm
    >>> > therefore
    >>> > sure that it is causing the problem.
    >>> >
    >>> > - Is there another way to stop Windows from displaying the "Put
    >>> > in a
    >>> > smartcard" message during logon? For example a registry
    >>> > setting?
    >>> >
    >>> > - Is there a way to activate this functionality again?
    >>> >
    >>> > Thanks
    >>> > /Mats
    >>> >
    >>> > "Eric Perlin [MS]" wrote:
    >>> >
    >>> > > Winlogon has to make a few low level smartcard calls before the CSP
    >>> > > can be
    >>> > > invoked: SCardEstablishContext, SCardListReaders,
    >>> > > SCardGetStatusChange,
    >>> > > SCardListCards and SCardGetCardTypeProviderName.
    >>> > > The fact that the default message is still displayed indicates that
    >>> > > one of
    >>> > > the first 2 calls fails!
    >>> > > How is the other application connecting to the reader/card?
    >>> > > --
    >>> > > Eric Perlin [MS]
    >>> > > This posting is provided "AS IS" with no warranties, and confers no
    >>> > > rights.
    >>> > > ---
    >>> >
    >>> >
    >
    >

  • Next message: Didier Wenger: "Exportable PK for smartcard templates"