I am trying to establish a network of government employees tasked with implementing Logical Access Control (LACS) with HSPD-12 PIV cards. I would like this network to share lessons learned in implemenations and technical information on the configuration, testing and support of these solutions.
If you are interested in contributing please let me know.
We have enabled a handful of users desktops so that they can use their cards to log into several websites and to send digitally signed and encrypted email.
Now as we are beginning to implement authentication to the AD Domain we are changing the UPNs on people cards to match the official NIST UPNs. The users that are already using their cards are having issues with their Outlook profiles refusing to accept the new certificates. It is specifically complaining about the email address for the profile not matching that of the certificate.
The interesting thing is that the email address in the certificates has not changed.