问题
From microsoft documentation
In steps 6 and 7 (Kerberos SSP <-> CSP or Base CSP): In essence, it exchanges a copy of the x.509 certificate (from a smart card) in the pre-authentication data field of the request and is signed by the private key.
I wonder if there is any method to customize CSP (Cryptographic Service Provider) so that Kerberos SSP can get x.509 certificate (self-created) without using smart card? Then from Kerberos SSP send the certificate to AD (active directory).
Link Microsoft documentation:
Certificate Requirements and Enumeration: https://docs.microsoft.com/en-us/windows/security/identity-protection/smart-cards/smart-card-certificate-requirements-and-enumeration
Smart Card Architecture: https://docs.microsoft.com/en-us/windows/security/identity-protection/smart-cards/smart-card-architecture
Please let me know. Thanks in advance!
来源:https://stackoverflow.com/questions/61867671/how-can-i-customize-the-cryptographic-service-provider-base-csp-in-the-smart-c