Re: Smart Card based Logon & User ID and Password

From: Brian Komar (bkomar_at_nospam.identit.ca)
Date: 06/17/05


Date: Fri, 17 Jun 2005 14:19:08 -0500

In article <MPG.1d1ca7dc87e8c02f989dc0@msnews.microsoft.com>,
padare@newsguy.com says...
> In article <A8DE0858-439E-4A16-A21A-7F2683C2F226@microsoft.com>, in the
> microsoft.public.security news group, =?Utf-8?B?YmlsbA==?=
> <bill@discussions.microsoft.com> says...
>
> > Hello group,
> >
> > Regarding Smart Card based logon, all of the documention I'm reading
> > indicates that in order for this to work, the username field in AD must
> > contain the EID number off of the Smart Card. My question is, is there a way
> > to maintain the username field as an actual name instead of an IED?
>
> I've no idea what you've been reading, but whatever your source is, it
> is completely wrong.
>
>
Further to what Paul said, the smart card must contain the user's UPN.
It is a matching of the UPN to the user's UPN that identifies the holder
of the smart card.

Brian

-- 
==
Brian Komar
MVP - Windows - Security
http://www.identit.ca/blogs/brian


Relevant Pages

  • Re: Re: PKI SC Logon with no UPN.
    ... "Brian Komar" wrote: ... > the certificate to ... > For details on what is required to issue smart card certs from ... > Note that the SAN must include the UPN ...
    (microsoft.public.win2000.security)
  • Re: Smart Card based Logon & User ID and Password
    ... > Regarding Smart Card based logon, all of the documention I'm reading ... > contain the EID number off of the Smart Card. ... > to maintain the username field as an actual name instead of an IED? ... I've no idea what you've been reading, but whatever your source is, it ...
    (microsoft.public.security)
  • Smart Card based Logon & User ID and Password
    ... Regarding Smart Card based logon, all of the documention I'm reading ... to maintain the username field as an actual name instead of an IED? ...
    (microsoft.public.security)
  • Re: Smart Card based Logon & User ID and Password
    ... > only create user accounts with the number, ... Request a smart card certificate from the third-party CA you'll see the ... The UPN OtherName value: ... certificates, you won't be able to use them for smart card logon. ...
    (microsoft.public.security)
  • Re: Smart Card based Logon & User ID and Password
    ... When the smart card certificate is ... In Windows, the UPN is used ... EID, nor exactly what you mean by EID in the first place. ...
    (microsoft.public.security)