Re: Single Sign-on authentication using Smart Cards
From: Herb Martin (news_at_LearnQuick.com)
Date: 02/24/05
- Next message: LadyHills: "WINNT\system32\uwryljwu5.exe any ideas?"
- Previous message: Buddy Robbins: "Need Help programmatically setting AD Permissions"
- In reply to: bill: "Re: Single Sign-on authentication using Smart Cards"
- Next in thread: Steven Umbach: "Re: Single Sign-on authentication using Smart Cards"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 23 Feb 2005 20:02:45 -0600
"bill" <bill@discussions.microsoft.com> wrote in message
news:388662CB-CAB3-4F88-8AE0-3C634408D41D@microsoft.com...
> Thanks. I do have the Certs on the card but when I insert it during the logon
> screen and enter my PIN this does not log me onto the domain.
"The certs" which one(s)?
> I guess my real
> question is how do you tie in domain logon information with the Smart Card?
The certs need to be issued by a "trusted" (by the domain)
CA which usually means an "Enterprise CA".
Effectively 'Enterprise' MEANS an Active Directory CA.
They also have to be marked for this purpose.
> Is this done at the CA or do I have to purchase additional middleware?
No, you do it from a "smart card enrollment" station.
(Just a PC that can add the cert to the card and by
a user [admin etc.] who can request them on another
user's behalf.)
Search for those phrases through Google:
[ smartcard logon "certificate enrollment station" site:microsoft.com ]
--
Herb Martin

>
> "Herb Martin" wrote:
>
> > "bill" <bill@discussions.microsoft.com> wrote in message
> > news:C373D198-A60B-48BF-9380-10A4BB5ED89C@microsoft.com...
> > > Hello security group,
> > >
> > > As a requirement for work, I've been doing research for work regarding
> > > Single sign-on Windows authentication using a Smart card. I know that Windows
> > > 2000/2003 servers have good integration with Smart Cards, however I'm
> > > wondering what the requirements are for implementing single sign-on site
> > > wide. Ideally I would like something that integrates with AD, but I know that
> > > is not necessarily a requirement. I've been tasked with doing a demo on a
> > > single workstation, is this possible? What software/hardware would I need to
> > > do this?
> >
> > You have it already for AD domains.
> >
> > > Just to clarify what I mean by single sign-on, I'm thinking something that
> > > can allow a user to simply put in a Smart Card, enter their PIN, and have
> > > access to the system, including their email profile.
> >
> > Win2000 and Win2003 domains (and 2000/XP clients)
> > have this ability built-in -- if there is a smart card reader
> > on the station it becomes a choice.
> >
> > > Also, just to add to what I wrote up top, I am currently using Smart Cards,
> > > however only for signing and encrypting email and viewing secured sites, not
> > > to log into a Windows domain. Thanks again.
> >
> > Why don't you just try using (your own) Smart Card to
> > logon.
> >
> > Add a reader to your machine and you should see the
> > choice at logon -- if your card has the required certificate
> > then it will "just work". (You may have to add a cert to
> > it if it doesn't have the right type/trust from the domain
> > CA.)
> >
> > --
> > Herb Martin
> >
> > > Thank you all in advance.
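One way to answer the "which one(s)?" question in the reply above, as an added example that is not part of the original thread: a PowerShell check of whether each certificate is marked for smart card logon and chains to a CA the machine trusts. It assumes the card's certificates are already visible in the current user's Personal store and an English-language Windows (for the "Principal Name=" text); the function name is hypothetical, and the OIDs are the standard Smart Card Logon and Client Authentication EKU values.

```powershell
# Added example: report, per certificate, the properties a domain smart card
# logon depends on (purpose marking, UPN, trusted issuer, validity period).
$SmartCardLogonOid = '1.3.6.1.4.1.311.20.2.2'   # Smart Card Logon EKU
$ClientAuthOid     = '1.3.6.1.5.5.7.3.2'        # Client Authentication EKU
$SanOid            = '2.5.29.17'                # Subject Alternative Name extension

function Test-SmartCardLogonCert {   # hypothetical helper name
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)

    # Collect the OIDs listed in the Enhanced Key Usage extension, if present.
    $ekuOids = @()
    foreach ($ext in $Cert.Extensions) {
        if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
            $ekuOids += $ext.EnhancedKeyUsages | ForEach-Object { $_.Value }
        }
    }

    # The formatted SAN shows a UPN as "Principal Name=user@domain"
    # (assumption: English-language Windows; the label is localized).
    $san     = $Cert.Extensions | Where-Object { $_.Oid.Value -eq $SanOid }
    $sanText = if ($san) { $san.Format($false) } else { '' }

    # Chain build checks trust on THIS machine only; it does not prove the
    # issuer is the domain's Enterprise CA.
    $chain   = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chainOk = $chain.Build($Cert)

    [pscustomobject]@{
        Subject        = $Cert.Subject
        Issuer         = $Cert.Issuer
        SmartCardLogon = $ekuOids -contains $SmartCardLogonOid
        ClientAuth     = $ekuOids -contains $ClientAuthOid
        HasUpn         = $sanText -match 'Principal Name='
        ChainTrusted   = $chainOk
        NotExpired     = (Get-Date) -lt $Cert.NotAfter
    }
}

Get-ChildItem Cert:\CurrentUser\My |
    ForEach-Object { Test-SmartCardLogonCert $_ } |
    Format-Table -AutoSize
```

A certificate issued only for e-mail signing and encryption will typically show `SmartCardLogon` as False here, which matches the symptom described in the thread.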