Re: Smart Card Log-in
From: David Cross [MS] (dcross@online.microsoft.com)
Date: 01/31/03
- Next message: Karl Levinson [x y] mvp: "Re: Decrypt error"
- Previous message: Nick Falcone: "Re: Power Management"
- In reply to: GeeCee: "Re: Smart Card Log-in"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "David Cross [MS]" <dcross@online.microsoft.com> Date: Fri, 31 Jan 2003 06:36:39 -0800
You can use third party CAs for smartcard logon if they comply with the
requirements specified in this KB article:
http://support.microsoft.com/default.aspx?scid=kb;en-us;281245
-- David B. Cross [MS] -- This posting is provided "AS IS" with no warranties, and confers no rights. http://support.microsoft.com "GeeCee" <graham.connell@i-solve.co.uk> wrote in message news:023101c2c84b$465a2350$8df82ecf@TK2MSFTNGXA02... > Rick > > I guess my original question was a bit vague. > > My understanding is that the default means of > authentication in a purely W2K environment is via > Kerberos, with the primary authentication being enabled > either by UID/PWD or via smart card using the GINA. > Ref - > http://www.microsoft.com/technet/treeview/default.asp? > url=/technet/prodtechnol/windows2000serv/maintain/security/ > pkintop.asp?frame=true > - the para on smart card logon. > > However in mixed W2K and NT server environments, my > understanding is that it is possible to disable Kerberos > and use NTLM for domain level authentication. So I guess > my question really is does NTLM support logon via smart > card? And if so would it therefore be feasible to leave it > disabled in a purely Win2K environment. > > The reason I ask ???? > > Well if you do use the Win2K smart card based logon it > insists on the certs being issued from the Windows CA, > rather than a 3rd party CA. So I'm trying to see if > there's a way round this, as my client wants to use > Identrus certs. > > This is the real problem I'm trying to solve so any advice > would be most welcome. > > KR, > > Graham > >-----Original Message----- > >I might be missing the bigger picture here. Most smart > cards work on > >certificates. Kerberos would be necessary for the > interdomain communication > >after the fact. > > > >How's your PKI and CA? ;) > > > >-- > >Rick Kingslan MCSE, MCSA, MCT > >Microsoft MVP - Windows 2000/NT > >Beta ID #108394 > > > > > >"GeeCee" <graham.connell@i-solve.co.uk> wrote in message > >news:0a0f01c2c7a3$91fb5700$d4f82ecf@TK2MSFTNGXA11... > >> Is it possible to enable smart card login to a Windows > >> 2000 domain without Kerberos, i.e. in NTLM mode? > > > > > >. > >
- Next message: Karl Levinson [x y] mvp: "Re: Decrypt error"
- Previous message: Nick Falcone: "Re: Power Management"
- In reply to: GeeCee: "Re: Smart Card Log-in"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
