Network folder access locking smartcard

I was trying to access a network folder on my corporate network. I am using a smartcard to access it so it is a PIN, not technically a password. When I entered the PIN, I typed it incorrectly one time. Shortly after that my account got locked out. When I look in my audit logs, I see 5 attempts - one every second - and then my smartcard got locked. Since there is no way to unlock a smartcard, you have to delete and re-create it.

I do not know if this same behavior happens from File Explorer or not but I don't want to experiment since re-creating the smartcard is a pain in our environment. I also don't know if it is related to using a PIN or if the same problem would happen with a password. Is there any way you can confirm whether it is Dopus or not? Is there a setting in Dopus I can change which might prevent this from happening? Maybe something that would not automatically try to re-establish a failed network connection, instead re-prompting for credentials on a failure?

I don't think that's something we have much control over. More an issue with Windows and/or the SmartCard's authentication component (if it has a custom auth DLL). The network drive credentials prompts don't come from Opus, and Opus never knows what was typed into them, so it can't be Opus that's trying the same PIN multiple times.

Ok, that's what I wanted to be sure about. There are lots of pieces involved and I'm just trying to figure out where to start looking. I didn't know if maybe Opus received an object from that prompt and re-tried using the same object or if that was all windows explorer doing it.

1 Like

We might detect that the drive has no credentials and then ask Windows to display a credentials prompt, but the actual collection, authentication and caching of credentials is all done by the OS.

If something was wrong on the Opus side, it would be more likely that you'd be seeing multiple prompts to enter a PIN.

Windows 10 2004 and later introduced some bugs into the API for these things, when not using a smartcard, which results in a second password prompt even when the first was correct (you can just push return without typing anything new, and it works), so they may have also messed up how smartcards are handled. Nothing would surprise me these days, as they have no QA team anymore.

Yep, I've noticed that bug too and I see it with smartcards as well.

Thanks for the info.