RE: Relative Security Provided by Cached Domain Credentials?

From: Kim Oppalfens (Kim.Oppalfensazlan.be)
Date: Thu May 27 2004 - 01:56:17 CDT


Hi Nicolas,

I know from personal experience as well that most other uses for
certificates on smartcards work fine.
But I have two (in my eyes fairly knowledgeable) people stating it cannot be
done.

One is Ben Smith, a respected Microsoft security speaker; the other one is
Brian Komar.
So I don't like to say trust me on this one, but either trust those guys or
try it out for yourself.

Longhorn is supposed to be able to do this in the near future.

Kim Oppalfens

Hello,

I do not have any personal experience of EFS + SmartCards. I guess it would
work because of the CryptoAPI abstraction between applications and
certificate stores, but I won't take it for granted because Microsoft
documentation contradicts itself from one source to another.

However, I managed to get the following combo working: SmartCard + USB Token
Reader + Windows 2003 Domain Controller + Windows XP Client + "SmartCard
User" certificate. This certificate has been successfully used for Domain
Logon, Mail Encryption and Mail Signature.

Hope it helps.

Regards,
- Nicolas RUFF
-----------------------------------
Security Consultant
EdelWeb (http://www.edelweb.fr/)
-----------------------------------
