Secure logon Process via certificate


  • Secure logon Process via certificate

    Hi everyone,

    As we know, we have secondary logon, by using a smart card for example.
    I need to secure the user authentication process to AD via certificate.
    Can I do it like this?

    What I did is use a GPO to autoenroll certificates under User Configuration.
    Is this enough? I need to ensure that the users' authentication process is secured by certificate. How can I bind a certificate to each user?

    Please advise.
    Last edited by abdalla; 11th April 2009, 16:05.

  • #2
    Re: Secure logon Process via certificate

    Planning a correctly functioning PKI environment will cost you a lot of time.
    Because of all the considerations you need to make, I suggest you start planning it first before deploying it.

    I suggest you start reading from here:
    http://www.microsoft.com/windowsserv...i/default.mspx
    Marcel
    Technical Consultant
    Netherlands
    http://www.phetios.com
    http://blog.nessus.nl

    MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
    "No matter how secure, there is always the human factor."

    "Enjoy life today, tomorrow may never come."
    "If you're going through hell, keep going. ~Winston Churchill"



    • #3
      Re: Secure logon Process via certificate

      Thanks Dumber.

      We already have a PKI,
      and in the article there is one-to-one mapping, but it's for IIS mapping.
      I need something like that for user authentication.



      • #4
        Re: Secure logon Process via certificate

        Why do you need to secure an authentication protocol that is already secured?
        Windows authentication during logon is done via Kerberos (or NTLM if not properly configured), which are both secure protocols.
        Guy Teverovsky
        "Smith & Wesson - the original point and click interface"



        • #5
          Re: Secure logon Process via certificate

          Thanks guyt.
          Yes, Kerberos is a secure protocol, but we use a smart card during authentication.

          What I am aiming for is to use a user certificate as an alternative to the smart card.
          I don't know whether it is possible or not!



          • #6
            Re: Secure logon Process via certificate

            I'm confused. You mean that you want to log on using user/password, but instead of Kerberos use a certificate to authenticate?
            If that is the case, this cannot be done, and frankly speaking I do not see any reason why someone would want to do it like that...
            Guy Teverovsky
            "Smith & Wesson - the original point and click interface"



            • #7
              Re: Secure logon Process via certificate

              Hi guyt,
              I need to use a certificate plus username and password.
              I found this article http://technet.microsoft.com/en-us/l.../cc736781.aspx but have not tested it yet.



              • #8
                Re: Secure logon Process via certificate

                Originally posted by abdalla:
                    Hi guyt,
                    I need to use a certificate plus username and password.
                    I found this article http://technet.microsoft.com/en-us/l.../cc736781.aspx but have not tested it yet.

                The article you are referring to is for RAS and does not apply to domain logon.

                If you need to enforce both user/password AND certificate, you have 2 options:

                1) Write your own subauthentication package: http://msdn.microsoft.com/en-us/libr...95(VS.85).aspx

                2) Use IPSec Domain Isolation and configure second authentication during the Main Mode for user certificates. This approach obviously has much larger implications.
                Guy Teverovsky
                "Smith & Wesson - the original point and click interface"



                • #9
                  Re: Secure logon Process via certificate

                  Thanks Guyt, your reply is very useful.
                  I think using Kerberos is enough.

                  Again, thank you.



                  • #10
                    Re: Secure logon Process via certificate

                    Can I insert the user certificate in the Published Certificates of the user properties?
                    See the attached picture.