Smart cards can be used to log on only to domain accounts, not local accounts. Smart card authentication requires the use of the Kerberos authentication protocol. In Windows-based operating systems a public key extension to the Kerberos protocol's initial authentication request is used. In contrast to shared secret key cryptography, public key cryptography is asymmetric, that is, two different keys are needed, one to encrypt, another to decrypt. Together, the keys that are required to perform both operations make up a private/public key pair.
- source Microsoft
No comments:
Post a Comment