Certificates - Multiple machines - one user
From: Doug Perkerson (DougPerkerson_at_discussions.microsoft.com)
Date: 02/26/05
- Next message: cherrys5: "Trojan.StartPage removal"
- Previous message: Paul Adare: "Re: Tapeware Backups"
- Next in thread: Mark Hawkins [MSFT]: "Re: Certificates - Multiple machines - one user"
- Reply: Mark Hawkins [MSFT]: "Re: Certificates - Multiple machines - one user"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sat, 26 Feb 2005 11:37:02 -0800
I've got a question about users certificates. We have CA setup and we have
begun issuing certs to users. The major push for the certs is 802.1X
authentication, both for wireless and wired connections.
The problem that I have experienced is with the pool of laptops. The
wireless network is using EAP-TLS authentication. The machine authenticates
to the network with no problem. The users however do not. In this scenario,
the user has a desktop that they use day to day. When they have a
presentation to give or need to travel to a remote office they are issued a
laptop from the pool. Since the user's certificate was issued to them while
they were logged into their desktop, they do not have access to the private
key's on the laptop and can therefore not authenticate to the network.
I realize that we could issue the certificates as exportable and then
manually move the certificate to the laptop. Is this the best way to solve
this problem? Aren't there security risks involved in making the keys
exportable?
Any comments that anyone can provide will be greatly appreciated.
- Next message: cherrys5: "Trojan.StartPage removal"
- Previous message: Paul Adare: "Re: Tapeware Backups"
- Next in thread: Mark Hawkins [MSFT]: "Re: Certificates - Multiple machines - one user"
- Reply: Mark Hawkins [MSFT]: "Re: Certificates - Multiple machines - one user"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
