Re: [SmartcardServices-Users] [Fed-Talk] Re: Require smart card login
Re: [SmartcardServices-Users] [Fed-Talk] Re: Require smart card login
- Subject: Re: [SmartcardServices-Users] [Fed-Talk] Re: Require smart card login
- From: Ron Colvin <email@hidden>
- Date: Wed, 13 Oct 2010 16:21:10 -0400
On 10/13/10 3:59 PM, Shawn A. Geddis wrote:
Organizations apply policy such as requiring smart cards by managing
their AD. This is not something that they would do at the client
side. What is managed on the client side would be any necessary mods
to support the required authentication methods (ie. manage or install
client side middleware such your ADmitMac for CAC).
The Mac would be bound to AD (for Authentication and Authorization)
hence if AD requires ONLY Smart Cards then the Mac User would only be
able to authenticate via smart cards. Whether the client system is OS
X or Windows the end result is the same --- management of forced
authentication methods is at the Directory Service.
Shawn I could definitely see a use case for smartcard only at console to
require two-factor authentication for a client box. I see a different
use case for requiring only a smartcard ever for that account. I could
certainly see a different use depending on what type of data the client
processes and whether it is a mobile workstation or a smartphone. On or
off for the user account only is not sufficient.
--
***************************************************************
Ron Colvin CISSP, CEH
Enterprise Integration Engineer, Security Analyst Code 700
DCSE Code 100& 110
NASA - Goddard Space Flight Center
<email@hidden>
Direct phone 301-286-2451
NASA Jabber (email@hidden) AIM rcolvin13
NASA LCS (email@hidden)
****************************************************************
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden