[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Smartcard logon using Heimdal KDC
I try to arrange an environment, where users can logon to a Kerberos
realm from Windows 2000 workstations via smartcard logon.
I've already reached a point where normal password logon works from
Windows workstations to the Kerberos realm, and the smartcard logon
works from the Windows workstations to the Windows domain.
However when I tested the smartcard logon from a Windows workstation
to the Heimdal KDC, the workstation initiated a normal password logon to
the Unix KDC instead of smartcard logon according to the network
traffic. I initiated a logon using the smartcard logon process, typed
the PIN but the network flow between the workstation and the Unix KDC
was similar to the normal password logon case.
Does anyone have enough experience with wiht Windows PKINIT to
answer whether it is the intentional working mechanism of the Windows
2000 workstations that it initiates a normal password logon to Unix
KDC's? If it is intentional, however what part of the security system is
responsible for it: the GINA, the LSA, ths SSP, maybe the corresponding
CSP or other? What should I change in the system to make this
All comments are welcome.