Hi!

I have started the deployment of smart cards in my organisation. I'm in a
test phase to see what problems will occur and I have already run into
several.
We use smart cards and smart card readers so there is no soft certificate on
the computers. We have Windows Server 2003 and Windows XP SP2 on the
clients.
I want the users to only use the smart card and interactive logon should
only be allowed with the smart card.

Problems:

1. The users can no longer log into Outlook Web Access, since the password
is unknown. It is set to something very long at the same time I activate the
option to only allow interactive logon via smart card. Is Microsoft coming
up with a solution so OWA can authenticate the user from a smart card
reader? Is there any other solution to this problem?

2. We use smart phones. Very nice tool, but I have the same problem here.
The smartphone wants my username, password and domain name to start
synchronizing with the Exchange Server. I don't have the password. Is there
any way to have it authenticate to Exchange with my certificate?

Regards
Johan

Re: Authentication and smart cards by S

S
Fri Aug 25 20:45:13 CDT 2006

Both are known issues, and you have to implement a workaround of some sort.
I'm not sure if OWA is going to be fixed even in Exchange 2007.

Certificate-based authentication for mobile clients is introduced with
Windows Mobile Messaging and Security Pack:

http://www.microsoft.com/windowsmobile/business/5/default.mspx

A new certificate deployment procedure and probably a template will be
required for those, depending on your requirements.

--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-



"Swedboy" <swedboyathotmail.com> wrote in message
news:eZIPyJGyGHA.4232@TK2MSFTNGP04.phx.gbl...
> Hi!
>
> I have started the deployment of smart cards in my organisation. I'm in a
> test phase to see what problems will occur and I have already run into
> several.
> We use smart cards and smart card readers so there is no soft certificate
> on the computers. We have Windows Server 2003 and Windows XP SP2 on the
> clients.
> I want the users to only use the smart card and interactive logon should
> only be allowed with the smart card.
>
> Problems:
>
> 1. The users can no longer log into Outlook Web Access, since the
> password is unknown. It is set to something very long at the same time I
> activate the option to only allow interactive logon via smart card. Is
> Microsoft coming up with a solution so OWA can authenticate the user from
> a smart card reader? Is there any other solution to this problem?
>
> 2. We use smart phones. Very nice tool, but I have the same problem here.
> The smartphone wants my username, password and domain name to start
> synchronizing with the Exchange Server. I don't have the password. Is
> there any way to have it authenticate to Exchange with my certificate?
>
> Regards
> Johan
>