I've setup smart card login. Its working well.
The AD option that requires user to use a smart card for authentication is nice but not enough.
Can I enforce smart card logon AND active directory password. So a user has to first enter AD account (username/password) AND THEN use smart card + pin?
I know I could enforce a more complex pin, resembling AD passwords, but managing the pins could become difficult.
It seems like smart card + pin is clumsy unless using third party software.