[SmartcardServices-Users] Question from a New Person Testing Smart Cards

Will Coleman will.coleman at centrify.com
Thu Feb 24 13:42:32 PST 2011


Tim, Thanks again for helping here.  I have one more question based on
your answers below
-- 

William Q. Coleman
Centrify Corporation



> 
>
>What's happening here is you actually have two smartcard middlewares
>installed.  One is ActivClient, which is a complete CAPI CSP.  The other
>is a PIV smartcard "minidriver" MS released under the Base SmartCard CSP
>framework.  See here:
>
>http://download.microsoft.com/download/9/c/5/9c5b2167-8017-4bae-9fde-d599b
>ac8184a/sc_minidriver_specs_V5.doc
>
>Win7 will fetch this minidriver from WSUS when it detects a PIV
>smartcard.  Unfortunately this driver isn't completely appropriate for
>CACs.  It'll work, but there are differences between it and ActivClient.
>

I know that it¹s possible to shut off this ³mini-driver² system and ignore
Win7¹s detection mechanism.  If do this, remove Actividentity, then I have
no real help here?  Since I need some middleware to handle the card,
otherwise, there are no drivers to handle this problem.  If Win7 defaults
to the PIV cert, then it will only accept that longer EDI/PI number in AD
(which works fine btw).  However, to have one sign-on, the Mac needs the
shorter CAC EDI/PI number, which also works.  I¹m just thinking out loud
here, in that one disabling all the available smart-card middleware, you
are really still stuck since you have nothing to help windows read the
card for authentication, correct?



More information about the SmartcardServices-Users mailing list