In Microsoft's sc_minidriver_spec there is a Smartcard Plug and Play Appendix A, which discusses a "pairing process" for smartcard:
- Get the ATR from the smart card.
- Iterate through entries in the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Calais\SmartCards registry key and do the following:
- Apply ATRMask subkey value that is stored in the registry to the ATR that was acquired from the smart card.
- Compare the masked ATR value to the ATR subkey value that is stored in the registry.
- If the two ATR values match, stop processing and pair the corresponding minidriver with the smart card.
When a match has been made, the Crypt Provider registry key contains the CSP name.
If we go this way we can have tl-run-rdesktop to query the nrpe agent on a WTS server to retrieve the correct CSP name to use for SSO.
rdesktop (and associated tools) is being removed from the ThinLinc product.