Re: [Fed-Talk] Another CAC on NERP Question
Re: [Fed-Talk] Another CAC on NERP Question
- Subject: Re: [Fed-Talk] Another CAC on NERP Question
- From: Timothy J Miller <email@hidden>
- Date: Thu, 3 Apr 2008 09:54:31 -0500
On Apr 3, 2008, at 8:32 AM, Eric Glass wrote:
Not trying to hijack your thread, but I have a simple question. How
do you run LEAP, I've seen
that referenced many times in the mailing list and I'm just curious
what that means.
LEAP (Login EDI-PI Attribute Populator) was developed in the AF to
help AD admins finish prepping AD for smartcard logon by a couple of
needed attributes on your account. It runs as a web service in the
domain, so it has to be installed by your admins. There's also a
client piece, but all it does is check to see if you need to run it,
then it fires up IE and sends you to the LEAP web service.
The altSecurityIdentifiers attribute needs to be updated each time you
get a new CAC *only* if you need to use an ID cert to authenticate to
a service using AD for authorization. Otherwise it's generally
ignored. This bites Safari and Firefox users using auto cert
selection; IE doesn't do auto cert selection, so it doesn't crop up
there as often.
If LEAP is deployed in your domain and your account is already
smartcard enabled, all you need to do is find out where the service is
and hit it with IE and it will update altSecurityIdentities.
-- Tim
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden