Re: WinLogon with smart card
- From: "Robert Hoghaug" <rjh@xxxxxxxxxxxxx>
- Date: Sun, 4 Dec 2005 19:11:51 -0600
Consultance is yet another confused company that does not understand what is
meant by the term SmartCard. They are using the term defined by HID which is
not a true smart card but simply a "Smarter" Memory Card. It has a unique
Number associated with the card that can be read by various contact and
contactless readers but it is by NO means a Smart card.
To answer you question,
Without the kerberos extension you can not use a Certificate for Logon (i.e.
the Public/Private Keys) You can however use information stored in the
Certificate (like the Username) in conjunction with a stored password to
perform a Pseudo Smartcard logon (I believe this is what Datakey does). It
is not as secure as Certificates but Smarts Cards are far more secure a
storage device than an Iclass card! SO atleast you would be one up on them.
If oyu are looking for companies that can perform multifactor logon using
Smartcard/Iclass/proximity/Biometrics and so look at www.sig-tec.com they do
know the difference between a Smart Card and a Iclass Proximity card
"Cedric Scheyder" <cedric.scheyder@xxxxxxxxxxxxxxxxx> wrote in message
> Just take a look at IsLog
> We have written such a software (without PKI today)
> But you can log into your laptop with a smartcard (Mifare, prox,Iclass..)
> "Eric Perlin [MS]" wrote:
>> There's nothing out of the box allowing this.
>> SC logon relies on the PKINIT extension of kerberos...
>> Eric Perlin [MS]
>> This posting is provided "AS IS" with no warranties, and confers no
>> "lelteto" <lelteto@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>> > I found that the iKey 2032 sw (from Datakey) has such Gina. It can
>> > store
>> > login credentials (username and password) then the token works for
>> > stand-alone XP Windows logon. (ie. when inserted it prompts you for the
>> > PIN and logs in)
>> > However, it does NOT work really as smart card, ie. if in the Local
>> > Policy -> Security Options -> Interactive logon: I set "Smart card
>> > removal
>> > behavior" to "Lock Workstation" it doesn't do that. (ie. if I remove
>> > the
>> > token nothing happens)
>> > The Datakey sw also supports PKI-style Windows Logon - however, for
>> > that I
>> > would need to set up the token with PKI credentials. Although I
>> > installed
>> > Windows Server 2003 on a test computer with Certificate Services I
>> > cannot
>> > figure out IF / HOW I could create login credentials in smart cards
>> > when
>> > there is NO Domain.
>> > So my original question still unanswered: Can smart card login (with
>> > PKI
>> > credentials) be used on stand-alone Windows XP computer? If yes, HOW
>> > can I
>> > 1) make the proper cert into the smart card (token)
>> > 2) tell the Windows XP computer to use that for logon?
>> > Anybody (eg. from Microsoft) can answer this?
>> > Thanks,
>> > Laszlo Elteto
>> > SafeNet, Inc.
- Re: WinLogon with smart card
- From: lelteto
- Re: WinLogon with smart card
- Prev by Date: Re: Managed Password Filter
- Next by Date: Re: WinLogon with smart card
- Previous by thread: Access Denied Problem
- Next by thread: Re: WinLogon with smart card