Re: WinLogon with smart card
- From: "Robert Hoghaug" <rjh@xxxxxxxxxxxxx>
- Date: Sun, 4 Dec 2005 19:11:51 -0600
Hello lazlo,
Consultance is yet another confused company that does not understand what is
meant by the term SmartCard. They are using the term defined by HID which is
not a true smart card but simply a "Smarter" Memory Card. It has a unique
Number associated with the card that can be read by various contact and
contactless readers but it is by NO means a Smart card.
To answer you question,
Without the kerberos extension you can not use a Certificate for Logon (i.e.
the Public/Private Keys) You can however use information stored in the
Certificate (like the Username) in conjunction with a stored password to
perform a Pseudo Smartcard logon (I believe this is what Datakey does). It
is not as secure as Certificates but Smarts Cards are far more secure a
storage device than an Iclass card! SO atleast you would be one up on them.
If oyu are looking for companies that can perform multifactor logon using
Smartcard/Iclass/proximity/Biometrics and so look at www.sig-tec.com they do
know the difference between a Smart Card and a Iclass Proximity card
"Cedric Scheyder" <cedric.scheyder@xxxxxxxxxxxxxxxxx> wrote in message
news:D074418C-1E10-4C51-8A77-FC4CD73AE8EF@xxxxxxxxxxxxxxxx
> Just take a look at IsLog
> http://www.consultance.fr
> We have written such a software (without PKI today)
> But you can log into your laptop with a smartcard (Mifare, prox,Iclass..)
>
> Regards
>
> "Eric Perlin [MS]" wrote:
>
>> There's nothing out of the box allowing this.
>> SC logon relies on the PKINIT extension of kerberos...
>> --
>> Eric Perlin [MS]
>> This posting is provided "AS IS" with no warranties, and confers no
>> rights.
>> ---
>>
>> "lelteto" <lelteto@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>> news:E570BD24-F2D5-45E6-8BC9-450A692D40B3@xxxxxxxxxxxxxxxx
>> > I found that the iKey 2032 sw (from Datakey) has such Gina. It can
>> > store
>> the
>> > login credentials (username and password) then the token works for
>> > stand-alone XP Windows logon. (ie. when inserted it prompts you for the
>> token
>> > PIN and logs in)
>> >
>> > However, it does NOT work really as smart card, ie. if in the Local
>> Security
>> > Policy -> Security Options -> Interactive logon: I set "Smart card
>> > removal
>> > behavior" to "Lock Workstation" it doesn't do that. (ie. if I remove
>> > the
>> > token nothing happens)
>> >
>> > The Datakey sw also supports PKI-style Windows Logon - however, for
>> > that I
>> > would need to set up the token with PKI credentials. Although I
>> > installed
>> > Windows Server 2003 on a test computer with Certificate Services I
>> > cannot
>> > figure out IF / HOW I could create login credentials in smart cards
>> > when
>> > there is NO Domain.
>> >
>> > So my original question still unanswered: Can smart card login (with
>> > PKI
>> > credentials) be used on stand-alone Windows XP computer? If yes, HOW
>> > can I
>> > 1) make the proper cert into the smart card (token)
>> > 2) tell the Windows XP computer to use that for logon?
>> >
>> > Anybody (eg. from Microsoft) can answer this?
>> >
>> > Thanks,
>> >
>> > Laszlo Elteto
>> > SafeNet, Inc.
>> >
>>
>>
>>
.
- Follow-Ups:
- Re: WinLogon with smart card
- From: lelteto
- Re: WinLogon with smart card
- Prev by Date: Re: Managed Password Filter
- Next by Date: Re: WinLogon with smart card
- Previous by thread: Access Denied Problem
- Next by thread: Re: WinLogon with smart card
- Index(es):
Relevant Pages
|
