On May 9, 2005, at 7:30 AM, Michael Kluskens wrote:
On May 7, 2005, at 11:02 PM, Shawn Geddis wrote:
I indicated that "currently", as in 10.4.0, that Smart Cards
cannot be used to unlock a FileVault protected Home Directory.
Thread subject disconnected here, the user was stating that
FileVault can not be turned on at the same time as Smart Cards.
The statement is that:
FileVault is a key feature of interest to Federal users.
Smart Cards are key feature of interest to Federal users.
User's experience is that turning on one means don't turn on the
other.
Michael
Just to clarify for everyone...
Apple is quite aware of the fact that 'still' you cannot unlock a
FileVault enabled Account with a Smart Card. This has never yet been
available and as of 10.4.0, is still not available. That can change
in the future! :-)
We are quite aware that:
* FileVault is a key feature of interest to Federal users.
* Smart Cards are key feature of interest to Federal users.
Client-Side Authentication using Smart Cards
===================================
The new activity you are seeing related to Client-side Authentication
using a Smart Card with PKI protected websites relates to the fact
that we now support the ability to "select" which valid Client Cert
you wish to use to authenticate to a given PKI protected website. If
you have multiple Certificates that are 'valid' for this use and the
Serve did not accept the first one that was found and sent, a list
appears allowing you to select which one you wish to use for that
particular site. The list does include the Cert from the
FileVaultMaster Keychain because it would indeed be a valid cert as
an ID for the User. Once a Cert is selected for the first time for a
given site, an entry is added to your Keychain relating to that site
and referencing that certificate. If the Cert list does not include
the Certs from the Smart Card, ensure that the Smart Card is indeed
being recognized within "Keychain Access" first. If there are still
problems, file a bug and we can look into it further.
-Shawn
___________________________________________
Shawn Geddis
Security Consulting Engineer
Apple Computer - US Federal Government
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
