Re: Smart Card Log-in
From: GeeCee (graham.connell@i-solve.co.uk)
Date: 01/30/03
- In reply to: Rick Kingslan [MVP 2000/NT]: "Re: Smart Card Log-in"
- Next in thread: Eric Perlin [MS]: "Re: Smart Card Log-in"
- Reply: Eric Perlin [MS]: "Re: Smart Card Log-in"
- Reply: David Cross [MS]: "Re: Smart Card Log-in"
From: "GeeCee" <graham.connell@i-solve.co.uk>
Date: Thu, 30 Jan 2003 02:35:14 -0800
Rick
I guess my original question was a bit vague.
My understanding is that the default means of
authentication in a purely W2K environment is via
Kerberos, with the primary authentication being enabled
either by UID/PWD or via smart card using the GINA.
Ref -
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/windows2000serv/maintain/security/pkintop.asp?frame=true
- the para on smart card logon.
However in mixed W2K and NT server environments, my
understanding is that it is possible to disable Kerberos
and use NTLM for domain level authentication. So I guess
my question really is does NTLM support logon via smart
card? And if so would it therefore be feasible to leave it
disabled in a purely Win2K environment.
The reason I ask ????
Well if you do use the Win2K smart card based logon it
insists on the certs being issued from the Windows CA,
rather than a 3rd party CA. So I'm trying to see if
there's a way round this, as my client wants to use
Identrus certs.
This is the real problem I'm trying to solve so any advice
would be most welcome.
KR,
Graham
>-----Original Message-----
>I might be missing the bigger picture here. Most smart cards work on
>certificates. Kerberos would be necessary for the interdomain communication
>after the fact.
>
>How's your PKI and CA? ;)
>
>--
>Rick Kingslan MCSE, MCSA, MCT
>Microsoft MVP - Windows 2000/NT
>Beta ID #108394
>
>
>"GeeCee" <graham.connell@i-solve.co.uk> wrote in message
>news:0a0f01c2c7a3$91fb5700$d4f82ecf@TK2MSFTNGXA11...
>> Is it possible to enable smart card login to a Windows
>> 2000 domain without Kerberos, i.e. in NTLM mode?