Re: Smart Card based Logon & User ID and Password

From: Brian Komar (bkomar_at_nospam.identit.ca)
Date: 06/17/05


Date: Fri, 17 Jun 2005 14:19:08 -0500

In article <MPG.1d1ca7dc87e8c02f989dc0@msnews.microsoft.com>,
padare@newsguy.com says...
> In article <A8DE0858-439E-4A16-A21A-7F2683C2F226@microsoft.com>, in the
> microsoft.public.security news group, =?Utf-8?B?YmlsbA==?=
> <bill@discussions.microsoft.com> says...
>
> > Hello group,
> >
> > Regarding Smart Card based logon, all of the documention I'm reading
> > indicates that in order for this to work, the username field in AD must
> > contain the EID number off of the Smart Card. My question is, is there a way
> > to maintain the username field as an actual name instead of an IED?
>
> I've no idea what you've been reading, but whatever your source is, it
> is completely wrong.
>
>
Further to what Paul said, the smart card must contain the user's UPN.
It is a matching of the UPN to the user's UPN that identifies the holder
of the smart card.

Brian

-- 
==
Brian Komar
MVP - Windows - Security
http://www.identit.ca/blogs/brian