Re: More CAC issues [was- [Fed-Talk] PKINIT and Kerberos
Re: More CAC issues [was- [Fed-Talk] PKINIT and Kerberos
- Subject: Re: More CAC issues [was- [Fed-Talk] PKINIT and Kerberos
- From: "Timothy J. Miller" <email@hidden>
- Date: Tue, 15 Nov 2005 14:58:44 -0600
George Polich wrote:
Also, the latest service pack for Office added much greater compatibility
between Entourage and Outlook: a good update. But again -- all the
capability in the world is useless if you can not even "connect". And I
don't think -- someone prove me wrong I hope -- that you would be able to
"connect" with Entourage alone if not on the network and able to see the
server and the server see you.
Technically speaking, the Army directive isn't preventing you from
plugging your Mac into the wall and getting an IP address. PKINIT is
about getting Kerberos tickets for access to domain resources, not
accessing the physical network. While AD authentication is often
confused with network authentication, they are not the same.
A lot can be worked around. Assuming you have an IP address, you can
print IP direct to most modern office printers, bypassing the domain
controller print queue. Assuming your Exchange server is allowing IMAP
connections (which it must if Entourage is to work at all) it also
should be supporting username/password--so until they take your password
away (eventual given smartcard logon) you can continue to read mail.
Web sites doing client authentication should work fine from a Mac
regardless (cert selection bugs aside). File shares are probably off
the table, though. Domains may continues to accept your
username/password for a while, but I expect that will be one of the
first things to go.
This is not to say that such things would be smiled upon by the Powers
That Be, of course. ;)
-- Tim
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden