Il 04/02/2012 07:51, Iliya Peregoudov ha scritto: > When private key corresponding to digital certificate is stored on > computer's hard disk it is not stored securely. The only way to store > private key securely is using smart card. The best security is when you generate the key on the card: you can be quite sure nobody else will be able to read that key. To avoid using a "big" smartcard paired with an even bigger card reader, you can use a "token": it's like a small USB pen, but incorporates both a card and a reader.
Many motherboards have an onboard USB type-A port exactly for this purpose. While TPM in Linux is handled quite in the same way as a SmartCard, I have no idea about how it's handled in Win (but probably it integrates well in the login chain). BYtE, Diego. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html