Just looking for some more information on wired 802.1x authentication. I currently run ACS 4.1, and I know that it can be integrated with AD for authentication purposes. Does anyone have information on whether or not you can take it a step further & use CAC / smartcard authentication? There's not much information that I can find about this topic, so anything posted is helpful!
Certificates are stored on the chip embedded in the Common Access Card (CAC). The chip also contains a processor, which responds to two protocols, PKCS#11 and Microsoft CAPI. To use a CAC, the workstation must have a smart card reader installed and must have software installed that enables the interaction between the application and the CAC, called middleware. The installation of smart card readers and middleware is the responsibility of the command that controls the workstation configuration.

Once the reader and middleware have been installed, some applications, including Microsoft Outlook and Microsoft Internet Explorer, require configuration to install the certificates from the smart card into the application. The private keys never leave the card, but the configuration step tells the application that the private key associated with the certificate can be found on the CAC. This configuration is also the responsibility of the command that controls the workstation configuration, but requires that the card be present in the card reader to perform the configuration.

After the workstation is configured, using the CAC involves putting the card in the reader prior to use, and using the user interface provided by the PK-Enabled client application to sign, decrypt, or identify yourself to PK-Enabled information systems. The CAC must be unlocked prior to use by entering the PIN when requested. If the PIN is entered incorrectly four times in a row, the CAC will lock and require a visit to a RAPIDS terminal or a CAC PIN Reset station for unlocking.