From CW-7588576:
Partner is looking for a means to be able to use smart cards through a session to support smart card requirements for admin functions on remote systems. Notes that RDP supports a pass through device so local smart card is presented through the RDP session to the remote system for Authentication.
With the NIST 800-171 requirements being fully enforced, 2-factor for privileged accounts is a must. This means that I need to pass my usb based Windows SmartCard (Yubikey) login to the remote machine. I agree that RDP does have this functionality and I use it already from my local machine into local remote servers.
We ended up using a combination of Yubikey and AuthLite - works great for anything you need to authenticate. AuthLite integrates with AD and the YubiKey code ends up being the "username" and you enter your password. Since it's all just keyboard input, works fine locally and remote. No need to integrate any authentication protocols between the systems, all that magic happens on the backend.
We ended up using a combination of Yubikey and AuthLite - works great for anything you need to authenticate. AuthLite integrates with AD and the YubiKey code ends up being the "username" and you enter your password. Since it's all just keyboard input, works fine locally and remote. No need to integrate any authentication protocols between the systems, all that magic happens on the backend.
I think we're going to just use Duo. It solves all the issues and doesn't have to use a smartcard. I wish SC supported Smartcard Passthrough though, it'd be nice since then we can do this without recurring costs like Duo or other solutions need.
We are using SPYRUS Rosetta smart cards and Gemalto smart cards and need to be able to authenticate to AD accounts on a WIndows server that requires a certificate for user authenticaion.