Posted by S. Pidgorny on June 2, 2007, 7:46 pm
That is a good approach but actually that won't solve the problem: the users
will be able to authenticate with their certificates even if computer
authentication hasn't happened. There's nothing in the standards that will
enforce dual computer/user authentication.
There is a solution, and it indeed involves certificates: make it impossible
for the users to move their certificates off certain computer systems. For
example - place user authentication certs in a TPM.
--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-
* http://sl.mvps.org * http://msmvps.com/blogs/sp *
> To do that, your best bet is to use EAP and authenticate against the user
> and
> computer certificates. You can deploy certs automatically by deploying a
> CA.
> --
> Ryan Hanisco
> MCSE, MCTS: SQL 2005, Project+
> Chicago, IL
>
> Remember: Marking helpful answers helps everyone find the info they need
> quickly.
>
>
> "jpriganc@gmail.com" wrote:
>
>> We are trying to setup a new wireless network using 802.11i
>> standards. We set up IAS to authenticate the computer and the user to
>> the domain. We are using PEAP with MS-CHAP v2 for authentication.
>> What we want to do is have the computer re-authenticate when the user
>> tries to connect. Right now, any user that is in the permitted list
>> could connect from a computer that is not even in the domain. Any
>> suggestions on how to make sure both the user and computer are
>> authenticated would be appreciated.
>>
>>
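The binding S. Pidgorny describes (a user authentication certificate whose private key cannot leave a particular machine) only holds if the key was generated in the TPM-backed key storage provider and marked non-exportable. The following PowerShell audit is an added example and not code from the thread or from any of its posters; it assumes Windows 8 / Server 2012 or later, Windows PowerShell 5.1, and that the TPM provider is named `Microsoft Platform Crypto Provider`. It walks the current user's personal store, keeps certificates carrying the Client Authentication EKU, and reports for each one which provider holds the private key and whether it is exportable.

```powershell
# Added example (not part of the thread): audit user certificates for TPM-bound,
# non-exportable private keys. Assumes Windows 8 / Server 2012 or later and
# Windows PowerShell 5.1 (CNG key metadata is read through .NET).

$tpmProvider = 'Microsoft Platform Crypto Provider'   # CNG KSP backed by the TPM
$clientAuthEku = '1.3.6.1.5.5.7.3.2'                  # Client Authentication EKU OID

function Test-CertKeyBinding {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)

    $result = [ordered]@{
        Subject    = $Cert.Subject
        Thumbprint = $Cert.Thumbprint
        HasKey     = $Cert.HasPrivateKey
        Provider   = $null
        Exportable = $null
        TpmBound   = $false
    }
    if (-not $Cert.HasPrivateKey) { return [pscustomobject]$result }

    # Returns RSACng for CNG keys, RSACryptoServiceProvider for legacy CSP keys,
    # and $null for non-RSA (e.g. ECDSA) keys, which this example does not inspect.
    $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($Cert)

    if ($rsa -is [System.Security.Cryptography.RSACng]) {
        # CNG key: provider name and export policy live on the CngKey object.
        $result.Provider   = $rsa.Key.Provider.Provider
        $result.Exportable = ($rsa.Key.ExportPolicy -ne [System.Security.Cryptography.CngExportPolicies]::None)
    }
    elseif ($rsa -is [System.Security.Cryptography.RSACryptoServiceProvider]) {
        # Legacy CSP key: software-backed, so it can never be TPM-bound.
        $result.Provider   = $rsa.CspKeyContainerInfo.ProviderName
        $result.Exportable = $rsa.CspKeyContainerInfo.Exportable
    }

    # The key is bound to this machine only if the TPM provider holds it
    # and the export policy forbids extracting it.
    $result.TpmBound = ($result.Provider -eq $tpmProvider) -and ($result.Exportable -eq $false)
    return [pscustomobject]$result
}

Get-ChildItem Cert:\CurrentUser\My |
    Where-Object { $_.EnhancedKeyUsageList.ObjectId -contains $clientAuthEku } |
    ForEach-Object { Test-CertKeyBinding -Cert $_ } |
    Format-Table Subject, Provider, Exportable, TpmBound -AutoSize
```

A certificate that shows `TpmBound` as `False` here would let the user authenticate from any machine the certificate and key can be copied to; only certificates whose private key was enrolled into the TPM provider with export disallowed give the per-computer binding the post is after. The provider and exportability are decided at enrolment by the certificate template, so the check is most useful as a verification step after rolling out such a template.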