Question
I wish to do the following:
Log in or unlock my Windows account with a smartcard (I know how). The smartcard prompts for PIN.
Then access a Java software inside the account - and I want to use the same smartcard during its operation. However, I don't want it to prompt for PIN, but rather rely on the prior Windows authentication.
Question: is this possible?
Thank you.
Answer 1:
If you're allowed to patch your existing login procedures, perhaps it's worth it to look at pGina (http://pgina.org/), as it is a modular replacement for the GINA part of Windows.
Answer 2:
Coming from Incorporating SSO in addition/instead SSL:
- When you sign in to Windows with your smartcard, it performs a pkinit and obtains a Kerberos TGT for you.
- When you access a further resource, that TGT is used and a Kerberos service ticket is created. No smartcard cert involved.
- However, if you want to use the smartcard in your app, you perform client cert auth and not Kerberos, therefore the app must prompt you for your PIN.
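
The Kerberos path from the second bullet, sketched in Java with the standard JGSS API. This is an added example, not part of the original answer: it requests a service ticket using the TGT already held by the logon session, so the card and its PIN are never touched. The class name and the service name `HTTP@app.example.com` are hypothetical, and it assumes a domain-joined machine where the JRE can read the logon session's Kerberos credentials.

```java
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.Oid;

public class LogonSessionTicket {
    // Kerberos V5 GSS-API mechanism OID (RFC 4121).
    private static final String KRB5_OID = "1.2.840.113554.1.2.2";

    /** Returns the first GSS token (carrying the service ticket) for a host-based service. */
    static byte[] initialToken(String service) throws GSSException {
        GSSManager manager = GSSManager.getInstance();
        GSSName target = manager.createName(service, GSSName.NT_HOSTBASED_SERVICE);
        // A null credential means "default initiator credentials": the TGT
        // obtained at Windows logon, not the certificate on the smartcard.
        GSSContext ctx = manager.createContext(
                target, new Oid(KRB5_OID), null, GSSContext.DEFAULT_LIFETIME);
        try {
            ctx.requestMutualAuth(true);   // ask the service to prove its identity too
            ctx.requestCredDeleg(false);   // do not forward the TGT to the service
            return ctx.initSecContext(new byte[0], 0, 0);
        } finally {
            ctx.dispose();
        }
    }

    public static void main(String[] args) {
        // Allow JGSS to use credentials that are not inside a JAAS Subject,
        // i.e. the ticket cache of the current logon session.
        System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");
        // Hypothetical service principal; pass the real one as the first argument.
        String service = args.length > 0 ? args[0] : "HTTP@app.example.com";
        try {
            byte[] token = initialToken(service);
            System.out.println("Service ticket obtained without a PIN prompt: "
                    + token.length + " byte token");
        } catch (GSSException e) {
            // Typical causes: no TGT in the session, unknown service principal,
            // or the realm/KDC is not reachable from this machine.
            System.err.println("Kerberos SSO failed: " + e.getMessage());
            System.exit(1);
        }
    }
}
```

This only covers authentication to a Kerberos-aware service; any operation that needs the private key on the card, such as TLS client certificate auth or signing through PKCS#11, still goes through the card and its PIN, as the third bullet says.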
Source: https://stackoverflow.com/questions/13873666/pkcs11-sso-using-prior-windows-login-with-smartcard