Re: WinLogon with smart card



Hello lazlo,

Consultance is yet another confused company that does not understand what is
meant by the term SmartCard. They are using the term defined by HID which is
not a true smart card but simply a "Smarter" Memory Card. It has a unique
Number associated with the card that can be read by various contact and
contactless readers but it is by NO means a Smart card.

To answer you question,

Without the kerberos extension you can not use a Certificate for Logon (i.e.
the Public/Private Keys) You can however use information stored in the
Certificate (like the Username) in conjunction with a stored password to
perform a Pseudo Smartcard logon (I believe this is what Datakey does). It
is not as secure as Certificates but Smarts Cards are far more secure a
storage device than an Iclass card! SO atleast you would be one up on them.
If oyu are looking for companies that can perform multifactor logon using
Smartcard/Iclass/proximity/Biometrics and so look at www.sig-tec.com they do
know the difference between a Smart Card and a Iclass Proximity card

"Cedric Scheyder" <cedric.scheyder@xxxxxxxxxxxxxxxxx> wrote in message
news:D074418C-1E10-4C51-8A77-FC4CD73AE8EF@xxxxxxxxxxxxxxxx
> Just take a look at IsLog
> http://www.consultance.fr
> We have written such a software (without PKI today)
> But you can log into your laptop with a smartcard (Mifare, prox,Iclass..)
>
> Regards
>
> "Eric Perlin [MS]" wrote:
>
>> There's nothing out of the box allowing this.
>> SC logon relies on the PKINIT extension of kerberos...
>> --
>> Eric Perlin [MS]
>> This posting is provided "AS IS" with no warranties, and confers no
>> rights.
>> ---
>>
>> "lelteto" <lelteto@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>> news:E570BD24-F2D5-45E6-8BC9-450A692D40B3@xxxxxxxxxxxxxxxx
>> > I found that the iKey 2032 sw (from Datakey) has such Gina. It can
>> > store
>> the
>> > login credentials (username and password) then the token works for
>> > stand-alone XP Windows logon. (ie. when inserted it prompts you for the
>> token
>> > PIN and logs in)
>> >
>> > However, it does NOT work really as smart card, ie. if in the Local
>> Security
>> > Policy -> Security Options -> Interactive logon: I set "Smart card
>> > removal
>> > behavior" to "Lock Workstation" it doesn't do that. (ie. if I remove
>> > the
>> > token nothing happens)
>> >
>> > The Datakey sw also supports PKI-style Windows Logon - however, for
>> > that I
>> > would need to set up the token with PKI credentials. Although I
>> > installed
>> > Windows Server 2003 on a test computer with Certificate Services I
>> > cannot
>> > figure out IF / HOW I could create login credentials in smart cards
>> > when
>> > there is NO Domain.
>> >
>> > So my original question still unanswered: Can smart card login (with
>> > PKI
>> > credentials) be used on stand-alone Windows XP computer? If yes, HOW
>> > can I
>> > 1) make the proper cert into the smart card (token)
>> > 2) tell the Windows XP computer to use that for logon?
>> >
>> > Anybody (eg. from Microsoft) can answer this?
>> >
>> > Thanks,
>> >
>> > Laszlo Elteto
>> > SafeNet, Inc.
>> >
>>
>>
>>


.



Relevant Pages

  • server 2003 smart card deployment
    ... certificate, and an administrator certificate both were ... certificate for a smart card on behalf of another user by using the smart ... insert the smartcard and click enroll, when I do I get an error, the details ... Smart Card Reader 'O2Micro PCMCIA Reader 0' rejected IOCTL EJECT: ...
    (microsoft.public.windows.server.general)
  • Re: Windows logon through smart card.
    ... A real PKINIT SC logon uses a private key on the card. ... architecture and to enable smart card logon we have to hook msgina. ... If its a certificate based logon then how ...
    (microsoft.public.platformsdk.security)
  • Re: Problem with smart card login
    ... a user may be able to logon with username ... and password if the smart card logon is not available. ... If you do not want a user to logon with a particular certificate, ... computer does cache the CRL. ...
    (microsoft.public.win2000.security)
  • Re: Smartcard Encryption under Windows
    ... Smartcard operations really depend on what type of certificate is stored on ... To perform data encryption you need a certificate that is created with Key ... This allows you to request that the smart card ... > An example code using PC/SC will also be nice. ...
    (microsoft.public.security)
  • Re: Smartcard Encryption under Windows
    ... Smartcard operations really depend on what type of certificate is stored on ... To perform data encryption you need a certificate that is created with Key ... This allows you to request that the smart card ... > An example code using PC/SC will also be nice. ...
    (microsoft.public.win2000.security)