Smartcard logon using Unix KDC
Robert Pragai
pragai at rubin.hu
Mon Jan 26 03:57:46 EST 2004
Hi,

I am trying to arrange an environment where users can log on to a
Kerberos realm from Windows 2000 workstations via smartcard logon.

I've already reached a point where normal password logon works from
Windows workstations to the Kerberos realm, and the smartcard logon
works from the Windows workstations to the Windows domain.

However, when I tested the smartcard logon from a Windows
workstation to the Kerberos KDC, the workstation initiated a normal
password logon to the Unix KDC instead of smartcard logon (according
to the network traffic). I repeat: I initiated a logon using the
smartcard logon process, typed the PIN, but the network flow between
the workstation and the Unix KDC was similar to the normal password
logon case.

My questions: is it the intentional working mechanism of the
Windows 2000 workstations that it initiates a normal password logon to
Unix KDCs, or have I missed something? If it is intentional, however,
what part of the security system is responsible for it: the GINA, the
LSA, the SSP, maybe the corresponding CSP or other? What should I
change in the system to make this environment work?

Has anyone had any experience with such an environment?

Thanks,
Robert Pragai