Machine authentication

[Jacky]

Jouni Malinen wrote:

>On Thu, Mar 30, 2006 at 04:37:45PM +1200, Jacky wrote:
>
>  
>
>>Thanks, in fact I am using wpa_supplicant on Linux.  I manage to find 
>>the current user's certifcate in the cert MMC.
>>However, when I try to export the certificate, I can not export the 
>>private key. Also what format should I export it to (DER/Base-64/.P7B)?
>>    
>>
>
>Can you enroll a new machine certificate and set it to allow private
>keys to be exporting during enrollment?
>  
>
I am not sure, I am using certificate machine autorollment. Don't know 
where to set the keys on the cert to be exportable.

However, this is not critical now. I think I can use PEAP instead of TLS 
to authenticate wpa_supplicant if I can not use the client certificate. 
Am I right? However, the question now becomes how do I find out the 
password of the machine account that get created when an client machine 
join a domain. So that I can use this password to put on to 
wpa_supplicant's configuration to see if that would work.

Bryan, you mention "You could install a password-change-sniffer DLL on 
the DC and get the password from it" , would you mind giving more  
details on this?

cheers,

Jacky