[SmartcardServices-Users] [Fed-Talk] Re: Require smart card login
Ron Colvin
Ron.Colvin at nasa.gov
Wed Oct 13 13:21:10 PDT 2010
On 10/13/10 3:59 PM, Shawn A. Geddis wrote:
> Organizations apply policy such as requiring smart cards by managing
> their AD. This is not something that they would do at the client
> side. What is managed on the client side would be any necessary mods
> to support the required authentication methods (ie. manage or install
> client side middleware such your ADmitMac for CAC).
>
> The Mac would be bound to AD (for Authentication and Authorization)
> hence if AD requires ONLY Smart Cards then the Mac User would only be
> able to authenticate via smart cards. Whether the client system is OS
> X or Windows the end result is the same --- management of forced
> authentication methods is at the Directory Service.
>
Shawn I could definitely see a use case for smartcard only at console to
require two-factor authentication for a client box. I see a different
use case for requiring only a smartcard ever for that account. I could
certainly see a different use depending on what type of data the client
processes and whether it is a mobile workstation or a smartphone. On or
off for the user account only is not sufficient.
--
***************************************************************
Ron Colvin CISSP, CEH
Enterprise Integration Engineer, Security Analyst Code 700
DCSE Code 100& 110
NASA - Goddard Space Flight Center
<ron.colvin at nasa.gov>
Direct phone 301-286-2451
NASA Jabber (rdcolvin at im.nasa.gov) AIM rcolvin13
NASA LCS (ronald.d.colvin at nasa.gov)
****************************************************************
More information about the SmartcardServices-Users
mailing list