Machine authentication
Jacky
wyqjnm
Thu Mar 30 12:04:16 PST 2006
>If your user has a cert (you seemed to imply it above, though I don't
>know if I read that right), then could you perhaps use your user's
>password? That might be simpler. (With the Windows supplicant, you
>wouldn't be able to get at that until you logged on. But if you know
>the password, you can set Linux up to use it regardless of who's logged
>on, as long as it lets you on the network.)
>
>
My ultimate goal is to get machine authentication working. I have included
Cisco ACS's "machine access restriction" option explanation in my
second email on this thread. I don't know how exactly it works, but I
guess ACS is detecting (or Active Directory is telling ACS) that an
authentication is a machine authentication. ACS will allow certain
operations only if machine authentication is successful (for example,
allow user authentication only if the machine has authenticated). Therefore
using the user's cert or password does not help in this case.

I am also making the assumption that if I set the identity to
"host/mychinename" then ACS (or AD) will think this is a machine
authentication (since I can see XP sending this as the username in the Ethereal
log). Then I hope that if I use the machine cert or machine password with the
hostname as identity, it will make ACS believe it is machine authentication.
Jacky