I wanted to post an anomaly I noticed that will probably affect
federal folks the most.
I have discovered an issue with filevault and running smart card
services. When FileVault has a master password set and you browse
to a pki enabled web site with safari, safari asks you for your
FileVault master password. When you enter it successfully it tells
you that the web site will not accept it and asks you to choose a
new certificate, and the inserted CAC certificate is listed. As
soon as I highlight it and click OK Safari crashes, this did not
occur before turning on FileVault. Removing the FileVault keychain
files in /library/keychains corrects this issue (but it leaves a
blank keychain.
Scott,
FileVault and Smart Card Services are currently (as of 10.4.0) not a
compatible combination.
I imagine it is a problem with how FileVault stores the master
password as a certificate. I have elected to just run without
FileVault for now.
It is NOT an issue with the fact that FileVault is a Keychain
consisting of a Private Key and Certificate.
*Note*
I am attempting to catch up with a large backlog of Smart Card
related questions posted to this list in the last few months.
-Shawn
___________________________________________
Shawn Geddis
Security Consulting Engineer
Apple Computer - US Federal Government
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/fed-talk/email@hidden
This email sent to email@hidden
