WPA/802.1x with smart cards
Last Post: June 16, 2006:
-
If a company uses smart cards for authenticating with WPA/802.1x, assuming the wireless client passes authentication, what happens if the smart card is then removed from the client pc? Does the connection drop? Does the authentication system check every once in a while that the smart card is still in place?
Thank you. -
You can configure a Smart Card removal behavior policy in windows security to take no action, lock the workstation or log the user out. As this relates to the STA and AP connection I am not sure what will happen since you are already authenticated in theory you should stay connected.
Have you tried this to see what happens? -
Bryan,
I am just curious about this, I don't have the hardware to try it unfortunately. -
You may find the LAN/WLAN administrators have configured periodic client re-authentication on the authenticator/AP. So although removing the smart card may not have triggered a logoff and de-authentication, the periodic re-auth from the wired side will close that authenticated session, I think.
-
Yes, the state of authenicated session does not depend upon smart card inserted in machine. It depends on reauth policy set in AP/ authentication server. If such a ploicy is in place, session will disconnect as soon as time specified (after which reauth needs to take place) on AP/ server has elapsed and card is not available. If no such policy is there, You will have the continous session no matter card is present or not.
Thanks,
Himanshu
- 1