Slashdot Mirror


Smart Cards for Windows XP Login?

coleman asks: "I just bought a used Litronic Netsignia 210 smart card reader / programmer from a friend for 20$. It came with 2 Cyberflex Simera phase 2 + Java SIM cards from Schlumberger. I was looking for a way to use the smart card (with a PIN) to log in to the machine. The Litronic people make a software called net sign that does this, but it is 99$ and comes with a Netsignia 210. I'd rather not have to pay that much money for such software and am looking into other options. I have heard that the University of Michigan has done this, but I don't know if they've released any of their software. I've tried several searches on the net and have only found links on DSS hacking." Anyone know of cool smart card apps for Windows?

3 of 23 comments

  1. Using Smart Cards with Windows 2000/XP by eldub1999 · · Score: 4, Informative

    Using smart cards with Windows 2000/XP is a two-fold problem.

    First, you need to have the card manufacturer's Cryptographic Service Provider (CSP) installed. For Windows 2000/XP, the Schlumberger and Gemplus CSPs are installed and using a "Win2K Compatible" card from either of these vendors does not require the installation of additional software.

    The second part involves getting a certificate in the correct format onto the card. Assuming you are referring to PKINIT, you will need to have a card with only a single certificate that follows Microsoft's "Smart Card Logon" profile. Additionally, you will need to do some configuration on the Active Directory side to make it work.

    Microsoft summarizes the process in the following Knowledge Base article:
    http://support.microsoft.com/default.aspx?scid=kb;EN-US;q281245

    One of the hardest parts is finding a CA (besides Microsoft's) that will UTF8 encode the SubjectAuthName field.

    It can be done. Good luck.
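Added example (not part of the original comment, and not Microsoft's code): a small DER walker that reports which ASN.1 string type a certificate's UPN is encoded with, the encoding the comment says is hard to get from a third-party CA. It assumes the field the comment means is the User Principal Name otherName (OID 1.3.6.1.4.1.311.20.2.3) in the subjectAltName extension; the function names and the sample UPN are constructed for illustration.

```python
# Added example. Assumption: the UPN is an otherName inside subjectAltName.
UPN_OID = bytes.fromhex("2b060104018237140203")  # 1.3.6.1.4.1.311.20.2.3
STRING_TAGS = {0x0C: "UTF8String", 0x13: "PrintableString",
               0x16: "IA5String", 0x1E: "BMPString"}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER element")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low 7 bits = count of length bytes
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("DER value runs past end of input")
    return tag, buf[pos:pos + length], pos + length

def upn_encodings(san_der):
    """List (string_type, upn) for every UPN otherName in a GeneralNames blob."""
    tag, names, _ = read_tlv(san_der, 0)
    if tag != 0x30:
        raise ValueError("subjectAltName must be a SEQUENCE")
    found, pos = [], 0
    while pos < len(names):
        tag, body, pos = read_tlv(names, pos)
        if tag != 0xA0:                    # [0] otherName; skip dNSName, rfc822Name, ...
            continue
        t, oid, p = read_tlv(body, 0)
        if t != 0x06 or oid != UPN_OID:
            continue
        t, wrapped, _ = read_tlv(body, p)  # [0] EXPLICIT wrapper around the value
        if t != 0xA0:
            raise ValueError("otherName value is not [0] EXPLICIT")
        st, raw, _ = read_tlv(wrapped, 0)
        codec = "utf-16-be" if st == 0x1E else "utf-8"
        found.append((STRING_TAGS.get(st, hex(st)), raw.decode(codec, "replace")))
    return found

def logon_ready(san_der):
    """True only if a UPN is present and every UPN is a UTF8String."""
    hits = upn_encodings(san_der)
    return bool(hits) and all(kind == "UTF8String" for kind, _ in hits)

def make_san(upn, string_tag):             # constructed sample input, short lengths only
    s = bytes([string_tag, len(upn)]) + upn.encode("ascii")
    o = bytes([0x06, len(UPN_OID)]) + UPN_OID + bytes([0xA0, len(s)]) + s
    g = bytes([0xA0, len(o)]) + o
    return bytes([0x30, len(g)]) + g
```

Pass `upn_encodings` the DER contents of the certificate's subjectAltName extension; a result such as `IA5String` instead of `UTF8String` identifies a certificate issued with the wrong string type.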

  2. Re:PIN? by mfarver · · Score: 5, Informative
    Any good auth system (according to Bruce Schneier) should use two things from the following list:
    • Something you have. (Smartcard, token card)
    • Something you know. (PIN, password)
    • Something you are. (Biometrics, fingerprint, iris scan, etc.)
    A smartcard + PIN solution would be far better than a system that only used one form of auth. A smartcard can be stolen, but without the PIN: no access. A password can be eavesdropped, but you'd need to swipe the card too.

    The best security is a layered defense...

  3. University of Michigan Smartcard Software, Info by wbraunoh · · Score: 4, Informative

    The University of Michigan's CITI group does indeed have a bundle 'o info and programs available for applications of a Smartcard environment if you're interested.

    Though I have to say I enjoy being able to login without one here at the moment, but maybe that's just me.