<p>Do a CA and generate client certs. Distribute as a cd with screen shot install instructios or require them to bring in there gear.<br>
Alternate is to build a static firefox with their cert installed onto a cd. They run that for remote access.</p>
<p>If they can't be trusted with a password for cert access, how can they be trusted with the access at all? It's amazing how smart people get when their food is on the line.</p>
<div class="gmail_quote">On Oct 6, 2011 11:09 PM, "Michael B. Trausch" <<a href="mailto:mike@trausch.us">mike@trausch.us</a>> wrote:<br type="attribution">> On Thu, Oct 06, 2011 at 10:45:19PM -0400, Jim Kinney wrote:<br>
>> Take the card home and use to access work data? Are you going to<br>>> issue readers as well? Without a pin or something entered by the<br>>> user there's no stopping a cloned or loaned card.<br>> <br>
> No, access from home would be at their own expense. They already have<br>> access from home, but the thing is that they're using passwords, and<br>> you know what that means with normal users. (Of course, this might<br>
> not be a viable option anyway, seeing as they have to be able to<br>> access things with their phones as well, and those obviously don't do<br>> smart cards... hrm...)<br>> <br>> Maybe I need to think about some other option, then. Hrm. Well, it<br>
> was a nice idea.<br>> <br>> --- Mike<br>> _______________________________________________<br>> Ale mailing list<br>> <a href="mailto:Ale@ale.org">Ale@ale.org</a><br>> <a href="http://mail.ale.org/mailman/listinfo/ale">http://mail.ale.org/mailman/listinfo/ale</a><br>
> See JOBS, ANNOUNCE and SCHOOLS lists at<br>> <a href="http://mail.ale.org/mailman/listinfo">http://mail.ale.org/mailman/listinfo</a><br></div>