|[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]|
Michael - thanks for the info. This seems to work fine on mobile accounts on different clients. Two more questions: can you change the login screen to only allow CACs and can you enforce the screen saver or lock the client when the CAC is removed? Thanks Larry Larry E. Smith II Technical Director USMC CDET 2300 A Louis Rd. Quantico, VA 22134 703-784-5193 DSN 278 Bb 240-299-2226 -----Original Message----- From: fed-talk-bounces+larry.e.smith=email@hidden [mailto:fed-talk-bounces+larry.e.smith=email@hidden] On Behalf Of Michael Winslow Sent: Monday, November 29, 2010 11:45 PM To: Niles, John B RET; email@hidden Subject: Re: [Fed-Talk] CAC Assistance Yes, it is pretty easy to setup CAC login on your Mac. I do not have CAC authentication working with the Apple Mail app, but I do have my Webmail working via Entourage for Mac (2008) via CAC. To get CAC login to your Mac working, you simply need to link the CAC Cert ID with your account on your machine. Apple built in a command line tool for doing this. Step by step instructions would be as follows (for Snow Leopard 10.6). I am assuming that you have an administrative account on your machine (if you don't some steps may change slightly). 1. Open a Terminal Window (Macintosh HD -> Applications -> Utilities -> Terminal.app) 2. type in "sc_auth hash" without the quotes 3. Select the long hash code (Hexadecimal) number for your Identity Private Key (Should be 40 characters long). Copy this Hexadecimal number. 4. You need to know your account's short name, if you do not know what it is, you can simply type in "whoami" into terminal and it will tell you your shortname. 5. Finally, map your certificate to your CAC by typing in the following command "sudo sc_auth accept -u <SHORT_NAME> -h <CERT_HASH_NUMBER>" replacing <SHORT_NAME> with your account's short name that you got in Step 4 and <CERT_HASH_NUMBER> that you copied in Step 3. You will be prompted to type in your password as this requires privileged access to do. Here is the supporting document that I used to come up with this... http://support.apple.com/kb/TA24244?viewlocale=en_US Thanks, Michael Winslow SPAWAR Systems Center Pacific On 11/29/10 8:12 AM, "Niles, John B RET" <email@hidden> wrote: > Fed-Talk, > > I have recently been informed that all computers on our network must be > equipped to log in with a CAC card. No password logins will be allowed. The > deadline is mid-December (I usually get these notices late). > > I am working with some of the IT people at my location regarding my Macs. > There are some options. However, their contract does not cover Macs, so for > the most part, I will have to figure something out, or I will be using PC's > shortly. > > The best solution would be to modify my login to require a CAC. While I know > this is possible, I do not know of a simple way to arrange this. > > Does someone have a cookbook solution for this problem suitable for someone > who is not an IT type? Just a step by step route? > > Also, is there a cookbook solution for modifying Mail to login only with a > CAC? This is not as important because I can always fall back to AKO CAC > login, although it would be clunky. > > Regards, > > John Niles > OGL Enterprises LLC _______________________________________________ Do not post admin requests to the list. They will be ignored. Fed-talk mailing list (email@hidden) Help/Unsubscribe/Update your Subscription: This email sent to email@hidden
Description: S/MIME cryptographic signature
_______________________________________________ Do not post admin requests to the list. They will be ignored. Fed-talk mailing list (email@hidden) Help/Unsubscribe/Update your Subscription: This email sent to email@hidden
Visit the Apple Store online or at retail locations.
Copyright © 2011 Apple Inc. All rights reserved.