Hi, I try to arrange an environment, where users can logon to a Kerberos realm from Windows 2000 workstations via smartcard logon. I've already reached a point where normal password logon works from Windows workstations to the Kerberos realm, and the smartcard logon works from the Windows workstations to the Windows domain. However when I tested the smartcard logon from a Windows workstation to the Kerberos KDC, the workstation initiated a normal password logon to the Unix KDC instead of smartcard logon (according to the network traffic). I repeat: I initiated a logon using the smartcard logon process, typed the PIN but the network flow between the workstation and the Unix KDC was similar to the normal password logon case. My questions: is it the intentional working mechanism of the Windows 2000 workstations that it initiates a normal password logon to Unix KDC's or I have missed something? If it is intentional, however what part of the security system is responsible for it: the GINA, the LSA, ths SSP, maybe the corresponding CSP or other? What should I change in the system to make this environment work? Has anyone have any experience with such an environment?
thanks, Robert Pragai ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos
