1

Currently, when we log in to our computers, we are validating our credentials (user name and password) against the AD in our shared domain.
This password must be changed every 90 days for security purposes.

What I want to do is enable us to log in to the domain at the machines with fingerprint scanners using a biometric fingerprint instead of a password.
We would use the webkey cloud to store and authenticate the print and somehow send a token to the domain's AD saying the user is authenticated.

I was thinking about just passing the password to the AD on validation, but decided against it because the password would need to be changed every 90 days.
My goal is to allow a user to register their fingerprint only once and have domain access at the scan of a finger.

I have been looking into Kerberos 5, but find a lot of it is over my head. Is what I am wanting to do even possible?

benka
user3057785

1 Answer

0

Yes, you can use Kerberos for that, if the operating system supports logging in using a fingerprint scanner.

It's supported in Windows 7 (and newer): http://windows.microsoft.com/en-us/windows7/can-i-use-a-fingerprint-reader-with-windows

After logging in, the user is able to log in to your service without specifying a password. For example, they'll open a URL in their browser, and your service would receive a Kerberos ticket (specifying their user account in Active Directory).

greenmarker
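
How a service could tell what kind of token the browser actually sent in the scenario the answer describes, as an added example (not part of the answer or of any project's code). It assumes the browser delivers the ticket in an HTTP `Authorization: Negotiate` header; `classify_negotiate`, `der_len` and `gss_sample` are hypothetical names, and the sample headers are constructed, not captured.

```python
import base64

# DER-encoded bodies of two well-known mechanism OIDs
OID_SPNEGO = bytes.fromhex("2b0601050502")      # 1.3.6.1.5.5.2
OID_KRB5 = bytes.fromhex("2a864886f712010202")  # 1.2.840.113554.1.2.2
NTLM_SIG = b"NTLMSSP\x00"                       # NTLM message signature

def der_len(buf, pos):
    """Decode the DER length at buf[pos]; return (length, next_pos)."""
    first = buf[pos]
    if first < 0x80:
        return first, pos + 1
    n = first & 0x7F
    if n == 0 or n > 4 or pos + 1 + n > len(buf):
        raise ValueError("bad DER length")
    return int.from_bytes(buf[pos + 1:pos + 1 + n], "big"), pos + 1 + n

def classify_negotiate(header):
    """Classify an Authorization header value. Does NOT validate the ticket."""
    if not header or not header.lower().startswith("negotiate "):
        return "challenge"  # answer 401 with WWW-Authenticate: Negotiate
    try:
        tok = base64.b64decode(header.split(None, 1)[1], validate=True)
        if tok.startswith(NTLM_SIG):
            return "ntlm"  # raw NTLM: the client did not use Kerberos
        if not tok or tok[0] != 0x60:  # GSS-API initial token tag
            return "invalid"
        _, pos = der_len(tok, 1)
        if tok[pos] != 0x06:  # mechanism OID must follow
            return "invalid"
        oid_len, pos = der_len(tok, pos + 1)
        mech, body = tok[pos:pos + oid_len], tok[pos + oid_len:]
    except (ValueError, IndexError):
        return "invalid"
    if mech == OID_SPNEGO and NTLM_SIG in body:
        return "ntlm"  # NTLM wrapped in SPNEGO
    if mech == OID_KRB5 or (mech == OID_SPNEGO and OID_KRB5 in body):
        return "kerberos"  # hand the token to GSSAPI/SSPI for validation
    return "invalid"

def gss_sample(oid, body):
    """Build a constructed (not captured) header: 0x60, length, OID, body."""
    inner = b"\x06" + bytes([len(oid)]) + oid + body
    token = b"\x60" + bytes([len(inner)]) + inner
    return "Negotiate " + base64.b64encode(token).decode()

# Constructed samples: SPNEGO NegTokenInit offering Kerberos, and raw NTLM
SAMPLE_KERBEROS = gss_sample(OID_SPNEGO, bytes.fromhex("a011300fa00d300b0609") + OID_KRB5)
SAMPLE_NTLM = "Negotiate " + base64.b64encode(NTLM_SIG + b"\x01\x00\x00\x00").decode()
```

The classification inspects only the outer framing with a byte search, so it is a triage step for logging or rejecting NTLM fallback; the ticket itself must still be validated by the platform's GSSAPI or SSPI using the service's key.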