CRL caching and smart card logon
From: Uljas Käki (someone_at_microsoft.com)
Date: 11/28/05
- Next message: Miha Pihler [MVP]: "Re: CRL caching and smart card logon"
- Previous message: peter.marshall_at_caris.com: "Re: Add PC to domain Problem"
- Next in thread: Miha Pihler [MVP]: "Re: CRL caching and smart card logon"
- Reply: Miha Pihler [MVP]: "Re: CRL caching and smart card logon"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 28 Nov 2005 22:08:51 +0200
We are implementing smart card logon with third-party certificates. We have
Windows 2003 servers, Windows XP workstations and Windows 2003 CA (for
domain controller certificates).
As far as I have found out, when you log on with third-party certificates,
domain controllers check the published CRL, which is published in internet.
How about situation, when CRL is not available? For example, the CRL server
or WAN link is down for some reason, or the computer where the user is
logging on, does not have network connection (the user must have logged on
to that computer earlier succesfully, of course).
I know that in this kind of situations things work ok, for a while at least.
But if CRL server is down, or no domain controller is available (cached
credentials) for longer time, when can I start expecting trouble?
Theoretically, this situation could be that a person is on a vacation or on
a long business trip with his/her laptop, and has no connection to DC or CRL
point for, say, two months. Would there be some kind of trouble?
Are there some settings which would affect any of these?
Thanks, Uljas
- Next message: Miha Pihler [MVP]: "Re: CRL caching and smart card logon"
- Previous message: peter.marshall_at_caris.com: "Re: Add PC to domain Problem"
- Next in thread: Miha Pihler [MVP]: "Re: CRL caching and smart card logon"
- Reply: Miha Pihler [MVP]: "Re: CRL caching and smart card logon"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
