VNC + Certificate Authentication

John Morgan Salomon john "at" chakraborty.ch
Thu Jul 26 14:54:01 2007


Hi there,

I apologize if the answer to this question is staring me right in the  
face in some FAQ or so, but I haven't been able to find it.

We have two Windows boxes connecting to each other in a test lab  
(W2k3 server sp1 and Windows XP sp1.)  Both are running evaluation  
copies of RealVNC4 enterprise edition.

I am trying to find out the following:

1) whether there is a possibility of authenticating to a VNC server  
using an X.509 certificate (in our case from a smart card)
2) whether it's possible to use certificate-based NT domain  
credentials to log directly in through the GINA on the target system  
(we cannot get this working for some reason; we selected 'single
sign-on' in the VNC server configuration menu, but we still get the
server's login GINA window.)  Does it matter whether this runs as a  
Windows service or in user mode?
3) whether there is provision, existing or planned, for forwarding a  
local PCSC channel to a VNC server the way RDP does

stunnel is not an option (we don't care about authenticating the  
underlying connection, but the actual user interaction with either  
the MS GINA or, failing that, the VNC server.)

Basically we're trying to see if there's a way a user can start a VNC  
session to a Windows domain controller and authenticate himself to  
Windows on the target system with a smart card/certificate issued for  
Windows domain login.

Any help/tips appreciated; is what we're trying to do totally off the  
wall?

Thanks,

-John