From: "sim rid" <[EMAIL PROTECTED]>
Reply-To: MUSCLE  <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Re: [Muscle] New CSP issues
Date: Tue, 27 Jul 2004 02:59:01 +0000


Kewl, that worked just fine. :)

Just for kicks I tried to use it through Citrix from a Solaris box but it didn't work. No biggy, it was just for fun.

It works over terminal services, pure. MS forward smartcard class devices from the terminal to the server just as they do for keyboard/mouse/sound. This was necessary, of course, to ensure domain logic via smartcards function identically over terminal sessions, as local sessions.


One of the nice side effects is you get the security association of the underlying T.120 framing, acting as a secure channel for the TPDUs - assuming you view the local host as a trusted device.

I noticed that using Microsoft certsrv you can't generate the keypair for the smartcard user actually on the smartcard. Instead I generate it in software using Microsoft CSP and dump it to a p12 so I can play with it and import it to muscle card with Mozilla. Is this on-card keygen feature not supported in the CSP yet?

I realize I'm probably going beyond what the CSP was written for :)


Also, just a little item. When using IE to connect to a site that requests NEGOTIATE authentication a box pops up asking for a Muscle Card to be inserted (OK/CANCEL). This is used for authenticating to a server using NTLM and Kerberos (GSS/SPNego).



Cheers :)



From: David Corcoran <[EMAIL PROTECTED]>
Reply-To: MUSCLE  <[EMAIL PROTECTED]>
To: MUSCLE <[EMAIL PROTECTED]>
Subject: Re: [Muscle] New CSP  issues
Date: Fri, 23 Jul 2004 07:00:41 -0500

Hi,

Yes, you are correct. Windows has an ATR recognition method for determining which CSP to use.
Did you try signing with Outlook initially?


You are certainly testing this to its ultimate feature which is Windows login. Here is what you must do:

Add a registry entry in

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Calais\SmartCards\
for this card - if you refer to another one you will see how this works. Then for Crypto Provider just
put Muscle CSP ........


Dave




On Jul 23, 2004, at 2:05 AM, sim rid wrote:

problem
************************************************************************ *****
David Corcoran <[EMAIL PROTECTED]>
Identity Alliance [http://www.identityalliance.com]
Smart Cards, Biometrics, Training, Identity Management
************************************************************************ *****


_______________________________________________
Muscle mailing list
[EMAIL PROTECTED]
http://lists.drizzle.com/mailman/listinfo/muscle


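Added example, not part of the original thread or of the MuscleCard project: a PowerShell check that lists every card registered under the Calais\SmartCards key mentioned above and reports which entry, and therefore which CSP, a given ATR resolves to. It assumes the standard Windows value names ATR, ATRMask and Crypto Provider under each card's subkey and the matching rule documented for SCardIntroduceCardType (card ATR AND mask equals registered ATR); the function names are hypothetical.

```powershell
# Added example: audit smart card registrations and ATR-to-CSP resolution.
$CalaisKey = 'HKLM:\SOFTWARE\Microsoft\Cryptography\Calais\SmartCards'

function ConvertTo-ByteArray {
    param([string]$Hex)
    # Accept "3B 75 ..." or "3B-75-..." by dropping anything that is not a hex digit.
    $clean = $Hex -replace '[^0-9A-Fa-f]', ''
    if ($clean.Length % 2) { throw "Odd number of hex digits in '$Hex'" }
    $bytes = New-Object byte[] ($clean.Length / 2)
    for ($i = 0; $i -lt $bytes.Length; $i++) {
        $bytes[$i] = [Convert]::ToByte($clean.Substring(2 * $i, 2), 16)
    }
    return ,$bytes
}

function Test-AtrMatch {
    param([byte[]]$CardAtr, [byte[]]$RegAtr, [byte[]]$Mask)
    # Assumption: lengths must agree; a missing mask is treated as all 0xFF.
    if ($null -eq $RegAtr -or $CardAtr.Length -ne $RegAtr.Length) { return $false }
    for ($i = 0; $i -lt $RegAtr.Length; $i++) {
        $m = if ($null -ne $Mask -and $i -lt $Mask.Length) { $Mask[$i] } else { 0xFF }
        if (($CardAtr[$i] -band $m) -ne $RegAtr[$i]) { return $false }
    }
    return $true
}

function Get-SmartCardRegistration {
    param([string]$AtrHex)   # optional: ATR of the inserted card, as hex
    $card = if ($AtrHex) { ConvertTo-ByteArray $AtrHex } else { $null }
    Get-ChildItem -Path $CalaisKey | ForEach-Object {
        $p = Get-ItemProperty -Path $_.PSPath
        [pscustomobject]@{
            Card     = $_.PSChildName
            Provider = $p.'Crypto Provider'
            ATR      = if ($p.ATR)     { [BitConverter]::ToString($p.ATR) }     else { $null }
            ATRMask  = if ($p.ATRMask) { [BitConverter]::ToString($p.ATRMask) } else { $null }
            Matches  = if ($null -ne $card) { Test-AtrMatch $card $p.ATR $p.ATRMask } else { $null }
        }
    }
}

# Usage (replace the placeholder with the ATR your reader reports):
# Get-SmartCardRegistration -AtrHex '<ATR-HEX-OF-YOUR-CARD>' | Format-Table -AutoSize
```

More than one row with Matches = True means two registrations claim the same ATR, and an unexpected Provider on the matching row means the card is bound to a different CSP than intended.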