CAC single sign on/authentication in a Client/Server C++

[Tim Tierney]

Hello,

I'm am trying to develop a Common Access Card client/server solution using
C++ and I'm looking for reference material/documentation.  I'd assume I need
PKInit extensions as well.

My client will be running on XP, server could be on XP or Windows 2003
server, and the KDC server will be Windows 2003.  Users will be required to
login with their CAC/Smart Card (certificate logon).

My client will have a CAC (Common Access Card) Card reader, using a
certificate based logon.  After a successful logon, I would like to pass the
public certificate to my server application running as a Service (Local
System acct).  I would like my server to talk to the KDC to obtain a
Kerberos TGT.  Then I can impersonate or create processes as the CAC/Smart
Card user.

Is this even possible?  

Is there any documentation that someone can point me too that I can use as a
reference?  I have been searching the forum and I didn't find any
information yet.  I'm still looking.

I'm do not need to talk to the card (I've got that code).  It is the
authentication mechanism between the client/server app that I need direction
on.

Any pointers/help would be greatly appreciated.

-Tim

P.S.  If I'm not supposed to post this type of question here please let me
know.
-- 
View this message in context: http://www.nabble.com/CAC-single-sign-on-authentication-in-a-Client-Server-C%2B%2B-tp22911463p22911463.html
Sent from the Kerberos - Dev mailing list archive at Nabble.com.