certificate authentication

Archived from groups: microsoft.public.win2000.security (More info?)

Hi,

I have a Windows 2003 server domain with Active Directory on and an
Enterprise Certification Authority.
The problem is :

I have a phisical person who has two AD accounts, one as user and onother as
administrator
I have to give to him a smart card and remove the user name/password logon

Can I generate two authentication certificates on the same samrt card?
Can I choose (using windows logon) wich user log to the system?
Do I have any component to modify/create to do this ?

At the end of all, is this thing possible?

Hope in your help
1 answer Last reply
More about certificate authentication
  1. Archived from groups: microsoft.public.win2000.security (More info?)

    1. Yes you can put two authN certificates on the card.

    2. However, you cannot choose from multiple certs for logon. This
    functionality is being considered for future releases.

    --
    David B. Cross [MS]
    --
    This posting is provided "AS IS" with no warranties, and confers no rights.


    Top Whitepapers:

    Auto-enrollment whitepaper:
    http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/autoenro.mspx

    Best Practices for implementing Windows Server 2003 PKI:
    http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/ws3pkibp.mspx

    Troubleshooting Certificate Status and Revocation whitepaper:
    http://www.microsoft.com/technet/security/topics/crypto/tshtcrl.mspx

    Windows Server 2003 web enrollment and troubleshooting guide:
    http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/webenroll.mspx
    "Roberto Murasso (Tiscali)" <rmurasso@tiscalinet.it> wrote in message
    news:%237Pa2$CTFHA.3332@TK2MSFTNGP15.phx.gbl...
    > Hi,
    >
    > I have a Windows 2003 server domain with Active Directory on and an
    > Enterprise Certification Authority.
    > The problem is :
    >
    > I have a phisical person who has two AD accounts, one as user and onother
    > as administrator
    > I have to give to him a smart card and remove the user name/password logon
    >
    > Can I generate two authentication certificates on the same samrt card?
    > Can I choose (using windows logon) wich user log to the system?
    > Do I have any component to modify/create to do this ?
    >
    > At the end of all, is this thing possible?
    >
    > Hope in your help
    >
    >
Ask a new question

Read More

Authentication Windows Server 2003 Windows