I cannot read signed emails using Safari for OWA.
Apparently Safari does not feature/include the total functionality
of the full version of IE, specifically with regard to reading
signed emails. It appears that there is a disconnect between
Safari, OWA and the exchange server that does not communicate the
CAC card authentication through the browser.
According to our local NMCI POC only NMCI clients with the full,
and I suspect addl. plugins, version of IE can read signed emails.
He also indicated that the exchange server does not disallow
reading signed emails using OWA.
Can you, Shawn, or anyone else untangle this quagmire of
dysfunction for me and potentially numerous other would-be NMCI OWA
users.
It is already a big plus to be able to use OWA with Safari however,
with the increasing use of digital signatures this may become a big
problem for some users.
Dave
-----Original Message-----
From: Shawn Geddis [mailto:email@hidden]
Sent: Friday, July 29, 2005 18:26
To: lee zimmerman; Lawlin, David C CIV (NAVAIR 4.1.3)
Cc: Fed Talk
Subject: Re: [Fed-Talk] Email client support for WebMail on an
Exchange
server
On Jul 29, 2005, at 12:05 PM, Lawlin, David C CIV (NAVAIR 4.1.3)
wrote:
Is it possible to use Apple Mail or Entourage in place of a
Webclient (Safari or IE) to check Webmail hosted by an Exchange
server.
Specifically, https://webmail.nmci.navy.mil where the user would
retrieve their email as
user: nadsusea/[username]
pw: xxxxxxxxxxxxxx
The site is PKI enabled and I have been successful in using my CAC
card with 10.4 to check my email with Safari.
Dave
David,
First, good to hear you have successfully been using 10.4, Safari and
your CAC to access https://webmail.nmci.navy.mil for webmail.
Both Apple Mail and MS Entourage access an Exchange Server 2003 or
higher using IMAP and WebDAV, since they are both accessing it via
OWA - Outlook Web Access. This is not the same as Webmail and as Lee
noted, would require IMAP/WebDAV enabled (which they are by default)
on the Exchange 2003 Server. By the way, as has been mentioned on
this list before, the older Exchange Server 5.5 required MAPI and
hence neither Apple Mail nor Entourage can access accounts on the
older servers.
Lee mentions...
MCI limits access to the NMCI Exchange Server to NMCI hard seats
(running Outlook), NMCI Terminal Services seats (running Outlook on
remote Windows Application Servers that NMCI controls), to Webmail
(from any host with the correct PKI) and to the NMCI Blackberries.
Sounds like you could also use the MS Remote Desktop Connector for
Mac OS X to attach to the Terminal Services as well.
MS Remote Desktop Connector
<http://www.microsoft.com/mac/otherproducts/otherproducts.aspx?
pid=remotedesktopclient>
Download Link
<http://www.microsoft.com/mac/downloads.aspx?pid=download&location=/
mac/download/misc/
rdc_update_103.xml&secid=80&ssid=10&flgnosysreq=True>
Lee, response on your other comments
I USED to access NMCI Webmail with my browser (before the 10.4
upgrade broke the ActivCard software and my laptop's ability talk
to our CAC card readers).
There is no need to install ActivCard Gold on Mac OS X. Smart Card
Services are built into Mac OS X 10.4 and fully integrated into the
OS-based PKI. This means that OS X Login, Apple Mail, Safari,
Internet Connect, MS Entourage, ... all fully access the Smart Cards
as part of the built-in services. All you needs is a supported
reader (30+) and if it is not a CCID compliant or is not one of those
supported by the pre-installed drivers then you just need to install
the corresponding driver. The ActivCard USBv2 Reader (SCM SCR331 +
Firmware mods) is indeed supported on Mac OS X 10.4 either by way of
installing the driver (ActCCID.bundle) or flashing the reader to be
its original CCID Compliant firmware (http://
www.scmmicrosystems.com & ftp://ftp.scmmicrosystems.com/).
For now I am running VirtualPC on my Mac and either Webmail or
Outlook via terminal services. Not very efficient by 1) the CAC
card still works under Windows and 2) the Macintosh version of
terminal services under NMCI does not work reliably.
You're running everything under VPC ?
Try Webmail via Safari/CAC .... at least...
What are the issues you are facing with RDC on OS X ? Have you
submitted these issues to MS ?
-Shawn
___________________________________________
Shawn Geddis
Security Consulting Engineer
Apple Computer - US Federal Government
On Jul 29, 2005, at 5:30 PM, Lee Zimmerman wrote:
Dave,
Unfortunately, what you want doesn't appear to be possible...or at
least no one here at the Navy's "premier" C4ISR R&D facility has
been able to figure it out. ;-) NMCI limits access to the NMCI
Exchange Server to NMCI hard seats (running Outlook), NMCI Terminal
Services seats (running Outlook on remote Windows Application
Servers that NMCI controls), to Webmail (from any host with the
correct PKI) and to the NMCI Blackberries. At least here, the NMCI
network is physically separate from our "R&D" network, so there is
a firewall in place that can easily block the ports Entourage would
need to connect to the Exchange server. Mail.app wouldn't work
because, as far as I know, the NMCI Exchange Servers are not
configured to support PoP or IMAP protocols. There's also the issue
of having to figure out the NMCI naming convention to get connected
to the right Exchange Server in the first place (somehow I don't
think the Help Desk is going to support that).
I USED to access NMCI Webmail with my browser (before the 10.4
upgrade broke the ActivCard software and my laptop's ability talk
to our CAC card readers). For now I am running VirtualPC on my Mac
and either Webmail or Outlook via terminal services. Not very
efficient by 1) the CAC card still works under Windows and 2) the
Macintosh version of terminal services under NMCI does not work
reliably.
Lee
Lee Zimmerman
Deputy for Program Development, Command & Control Department, Code
2403
SPAWAR Systems Center San Diego
619-553-4046 (Office)
858-610-2029 (Cell)
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden