• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: More CAC issues [was- [Fed-Talk] PKINIT and Kerberos
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: More CAC issues [was- [Fed-Talk] PKINIT and Kerberos

  • Subject: Re: More CAC issues [was- [Fed-Talk] PKINIT and Kerberos
  • From: "Timothy J. Miller" <email@hidden>
  • Date: Tue, 15 Nov 2005 14:58:44 -0600
George Polich wrote:

Also, the latest service pack for Office added much greater compatibility
between Entourage and Outlook: a good update. But again -- all the
capability in the world is useless if you can not even "connect". And I
don't think -- someone prove me wrong I hope -- that you would be able to
"connect" with Entourage alone if not on the network and able to see the
server and the server see you.

Technically speaking, the Army directive isn't preventing you from plugging your Mac into the wall and getting an IP address. PKINIT is about getting Kerberos tickets for access to domain resources, not accessing the physical network. While AD authentication is often confused with network authentication, they are not the same.

A lot can be worked around. Assuming you have an IP address, you can print IP direct to most modern office printers, bypassing the domain controller print queue. Assuming your Exchange server is allowing IMAP connections (which it must if Entourage is to work at all) it also should be supporting username/password--so until they take your password away (eventual given smartcard logon) you can continue to read mail.

Web sites doing client authentication should work fine from a Mac regardless (cert selection bugs aside). File shares are probably off the table, though. Domains may continues to accept your username/password for a while, but I expect that will be one of the first things to go.

This is not to say that such things would be smiled upon by the Powers That Be, of course. ;)

-- Tim

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden
References: 
 >Re: More CAC issues [was- [Fed-Talk] PKINIT and Kerberos (From: George Polich <email@hidden>)

  • Prev by Date: [Fed-Talk] RE: PKINIT and Kerberos
  • Next by Date: RE: More CAC issues [was- [Fed-Talk] PKINIT and Kerberos
  • Previous by thread: Re: More CAC issues [was- [Fed-Talk] PKINIT and Kerberos
  • Next by thread: Re: More CAC issues [was- [Fed-Talk] PKINIT and Kerberos
  • Index(es):
    • Date
    • Thread