The Aloaha Passwort Filter is a Windows Password Filter to synchronize password changes with the Smartcard encrypted Softtoken of Aloaha Smartlogin.
When a password change request is made, the Local Security Authority (LSA) calls the password filter registered on the system. The Aloaha Password Filter is called on the machine the password change has been done. If the password change has been done for an Active Directory User the filter is called on the Domain Controller and if the User is a local user the filter is called on the local machine.
To install an activate the filter please start PasswdHK from your Aloaha installation folder. It is VERY important to call it with admin rights. Ideally you call it with -> right mouse click -> “Run as Administrator”. Once the tool is running please choose the tab “Activate Password Hook” and click on “Enable”. After clicking “Enable” or “Disable” a reboot is required!
The other tab “Set initial Password” has the function to create a certificate encrypted softtoken. Those certificate encrypted softtoken are used by Aloaha Smartlogin to allow the User a Smartcard Logon INDEPENDENTLY of Active Directory Membership and Certificate origin!
Passwords intercepted by the Aloaha Password Filter ARE ALWAYS encrypted with the public key of the certificate defined in the Softtoken. Therefore password are ONLY synchronized when a softtoken exists!
Keeping the certificate encrypted tokens in sync makes a lot of sense with the central store explained on: http://blog.aloaha.com/2013/04/26/aloaha-smartlogin-with-central-credential-store/