Re: Smart Card based Logon & User ID and Password
From: Brian Komar (bkomar_at_nospam.identit.ca)
Date: Fri, 17 Jun 2005 14:19:08 -0500
In article <MPG.email@example.com>,
> In article <A8DE0858-439E-4A16-A21A-7F2683C2F226@microsoft.com>, in the
> microsoft.public.security news group, =?Utf-8?B?YmlsbA==?=
> <firstname.lastname@example.org> says...
> > Hello group,
> > Regarding Smart Card based logon, all of the documention I'm reading
> > indicates that in order for this to work, the username field in AD must
> > contain the EID number off of the Smart Card. My question is, is there a way
> > to maintain the username field as an actual name instead of an IED?
> I've no idea what you've been reading, but whatever your source is, it
> is completely wrong.
Further to what Paul said, the smart card must contain the user's UPN.
It is a matching of the UPN to the user's UPN that identifies the holder
of the smart card.
-- == Brian Komar MVP - Windows - Security http://www.identit.ca/blogs/brian