The Problem:
When a Web Application requires smart card access, you cannot use a certificate (in a crawl rule) to authenticate to the content source, because the content source is waiting for the smart card to be inserted. You also cannot crawl Forms Based Authenticated Web apps. The solution below works for either problem.
The Solution:
This solution assumes multiple servers in the farm, but it will work on a single server.
1. Extend and map the smart card-enabled Web Application to another Zone. The 'Custom' zone works well for this. Call it anything, like http://ZONE4SEARCH
2. Select either NTLM or Kerberos (depending on your environment) for the Custom Zone authentication.
3. On the Index Server, modify the HOSTS file to include an entry for ZONE4SEARCH with an IP address of 127.0.0.1.
4. Remove the original content source for the smart card-enabled/FBA-enabled Web Application from Search, if it still exists.
5. Create a new content source in Search Settings pointing to http://ZONE4SEARCH
6. If security is a concern, you can stop the ZONE4SEARCH site on the WFE Server(s).
7. You should now be able to crawl your smart card-enabled content via http://ZONE4SEARCH
8. Lastly, create a SERVER NAME MAPPING in Search administration and replace http://ZONE4SEARCH with your smart card/FBA-enabled URL.
When your users get a search result, they will see only the smart card-enabled Web Application. If you want to control the security on this new zone, you can always create Web Application Policies.
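A check for step 3, as an added example that is not part of the original post: it parses HOSTS file lines and reports whether ZONE4SEARCH maps to 127.0.0.1 and to nothing else. The function name Test-CrawlZoneHostsEntry and the sample lines are assumptions made for illustration.

```powershell
# Added example: audit the HOSTS entry from step 3 on the Index Server.
# Test-CrawlZoneHostsEntry is a hypothetical helper name, not a SharePoint cmdlet.
function Test-CrawlZoneHostsEntry {
    param(
        [string[]] $HostsLines,
        [string]   $ZoneHost = 'ZONE4SEARCH'
    )
    $found = @()
    foreach ($line in $HostsLines) {
        # Drop trailing comments and surrounding whitespace.
        $entry = ($line -split '#', 2)[0].Trim()
        if (-not $entry) { continue }
        # Format: <address> <name> [alias ...], separated by spaces or tabs.
        $fields = $entry -split '\s+'
        if ($fields.Count -lt 2) { continue }
        $names = $fields[1..($fields.Count - 1)]
        # Host names are case-insensitive; -contains ignores case for strings.
        if ($names -contains $ZoneHost) { $found += $fields[0] }
    }
    $loopback = @($found | Where-Object { $_ -eq '127.0.0.1' })
    $other    = @($found | Where-Object { $_ -ne '127.0.0.1' })
    [pscustomobject]@{
        ZoneHost  = $ZoneHost
        Addresses = $found
        # Pass only if the zone host maps to loopback and to no other address.
        Ok        = ($loopback.Count -ge 1 -and $other.Count -eq 0)
    }
}

# Constructed sample HOSTS content (not taken from a real server).
$sample = @(
    '# sample hosts file',
    '',
    '127.0.0.1       localhost',
    "127.0.0.1`tzone4search   # crawl zone, Index Server only",
    '10.0.0.25       intranet'
)
Test-CrawlZoneHostsEntry -HostsLines $sample

# On the Index Server itself:
# Test-CrawlZoneHostsEntry -HostsLines (Get-Content "$env:SystemRoot\System32\drivers\etc\hosts")
```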
If you are looking to crawl a Web Application via Forms Based Authentication (FBA), there is now a fix (http://www.microsoft.com/downloads/details.aspx?FamilyId=D5090BC4-5B4F-411B-8CDE-E37D33F7EFDF&displaylang=en). Alternatively, you can wait for the Microsoft Search 2008 update for SharePoint Server 2007.
Ben Curry
Mindsharp