certificate authentication

[Roberto Murasso \(Tiscali\)]

Hi,

I have a Windows 2003 server domain with Active Directory on and an
Enterprise Certification Authority.
The problem is :

I have a phisical person who has two AD accounts, one as user and onother as
administrator
I have to give to him a smart card and remove the user name/password logon

Can I generate two authentication certificates on the same samrt card?
Can I choose (using windows logon) wich user log to the system?
Do I have any component to modify/create to do this ?

At the end of all, is this thing possible?

Hope in your help

 

[David Cross [MS]]

1. Yes you can put two authN certificates on the card.

2. However, you cannot choose from multiple certs for logon. This
functionality is being considered for future releases.

--
David B. Cross [MS]
--
This posting is provided "AS IS" with no warranties, and confers no rights.


Top Whitepapers:

Auto-enrollment whitepaper:
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/autoenro.mspx

Best Practices for implementing Windows Server 2003 PKI:
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/ws3pkibp.mspx

Troubleshooting Certificate Status and Revocation whitepaper:
http://www.microsoft.com/technet/security/topics/crypto/tshtcrl.mspx

Windows Server 2003 web enrollment and troubleshooting guide:
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/webenroll.mspx