Smart card logon & NTLM
From: Matt Porco (matt_at_virtuosic.com)
Date: 06/03/03
Date: Tue, 3 Jun 2003 17:42:48 -0400
According to
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/prodtech/smrtcard/smrtcdcb/sec1/smartc03.asp:
"Microsoft's implementation of the [Kerberos] protocol uses extensions to
enable smart card logon. This provides the twin advantages of strengthening
the authentication process and providing seamless entry into the public key
infrastructure. Smart card logon only works with Kerberos; you cannot use
NTLM, the authentication method of Windows NT® 4.0 and earlier versions of
Windows NT, for smart card logon."

It is my understanding that, even with Kerberos as the default
authentication protocol, Windows 2000 still uses NTLM (v2) authentication
under some circumstances even in a pure Windows 2000 environment (for
example, when accessing resources on a standalone Windows 2000 system or
when accessing a system by IP address rather than by name). If this is the
case, then how does this work when you're using smart card logon? Will you
be prompted for a username & password when accessing these resources?

Also, if you have a Windows NT member server in a Windows 2000 domain
running in mixed mode, can users logged in via smart card logon seamlessly
access resources on the NT server, or will they be prompted for username &
password?

Thanks.
Matt Porco