Bugzilla – Full Text Bug Listing
|Summary:|smart card single sign-on with AD for Windows 2008|
|Product:|ThinLinc|Reporter:|Peter Åstrand <email@example.com>|
|Component:|rdesktop (deprecated)|Assignee:|Henrik Andersson <firstname.lastname@example.org>|
|Status:|CLOSED FIXED|QA Contact:|Bugzilla mail exporter <email@example.com>|
*** Bug 4500 has been marked as a duplicate of this bug. ***
A simple hack just adding the INFO_PASSWORD_IS_SC_PIN flag shows this works as expected... Anything you pass in the user field is ignored, and if more than 2 smartcards are available the user needs to select which to use. If only one card is available, it is used for SSO using the PIN from the password argument.
Upstream commit r1687 includes this flag for use.
I have tried to send CN and subject as username to control which card is used for logon, but it seems there is no way to control that. So if more than one card is available for authentication, SSO will not work and the user needs to select which card to use.
Commit 26356 adds support for the new rdesktop argument to pass pin as password to tl-run-rdesktop. Briefly tested with and without card logon and it seems to work as expected.
Tester should verify the functionality; see comment #3 on bug #4498 for information about how to set up smartcard authentication for users in Active Directory with third-party CA / certificates.
Upstream commit r1697 makes sure that CredSSP is not used when smartcard SSO (pin as password) is used.