Re: Single Sign-on authentication using Smart Cards

From: bill (bill_at_discussions.microsoft.com)
Date: 02/25/05 

Date: Fri, 25 Feb 2005 06:55:04 -0800

OK, I think I know what we need now to complete the smart card logon project
but I have a question about a Microsoft Technet article.

In article Q281245, (Guidelines for Enabling Smart Card Logon with Third
party CA's), the first line in the requirements section says:

"Required: Active Directory must have the third-party issuing CA in the
NTAuth store to authenticate users to active directory."

What exactly does this mean? Does it mean that a copy of the Third-party CA
must be installed in the NTAuth store or some kind of connection must be made
with the third-party?

"Paul Adare" wrote:

> In article <7131E925-F0C2-4ADE-BC1F-2AF397CDDA48@microsoft.com>, in the
> microsoft.public.win2000.security news group, =?Utf-8?B?YmlsbA==?=
> <bill@discussions.microsoft.com> says...
>
> > The certs that I see using the ActivCard software show one
> > for signature, encryption, and identity but I don't see one for logon. Is
> > this added during the card's creation?
> >
>
> No, it is added during the certificate request process. All of your
> questions can be answered by reading the information at the links
> provided to you by Steven.
>
> --
> Paul Adare
> "On two occasions, I have been asked [by members of Parliament],
> 'Pray, Mr. Babbage, if you put into the machine wrong figures,
> will the right answers come out?' I am not able to rightly apprehend
> the kind of confusion of ideas that could provoke such a question."
> -- Charles Babbage (1791-1871)
>