|
Posted by Paul Adare on March 22, 2006, 4:30 pm
Please log in for more thread options microsoft.public.security.crypto news group, Joe Kaplan (MVP - ADSI)
> You could use the fact that the user can log in with their smart card to
> build a self-service password reset website that used client certificate
> authentication though. This would not be too hard and is probably what I
> would do. We've done similar things for use with SecurID tokens. If you
> have client certificates already working to sign in to Windows, getting
> certificate mapping working in IIS should be easy.
True, I should have qualified my comment that there is nothing special
about smart card logon that would enable this with the OOB features of
the OS.
>
> > microsoft.public.security.crypto news group, S. Pidgorny <MVP>
> >
> >> Scenario: a user has forgotten their password BUT can log on to the
> >> Windows
> >> domain with a smart card.
> >> Is there any way to set the password _without_ knowing the previous one?
> >>
> >
> > The only option would be to have an administrator reset the password.
> >
> > --
> > Paul Adare - MVP Virtual Machines
> > It all began with Adam. He was the first man to tell a joke--or a lie.
> > How lucky Adam was. He knew when he said a good thing, nobody had said
> > it before. Adam was not alone in the Garden of Eden, however, and does
> > not deserve all the credit; much is due to Eve, the first woman, and
> > Satan, the first consultant." - Mark Twain
>
>
>
--
Paul Adare - MVP Virtual Machines
It all began with Adam. He was the first man to tell a joke--or a lie.
How lucky Adam was. He knew when he said a good thing, nobody had said
it before. Adam was not alone in the Garden of Eden, however, and does
not deserve all the credit; much is due to Eve, the first woman, and
Satan, the first consultant." - Mark Twain
| 
XML Sitemap