Re: [Fed-Talk] [Smart Cards] Tiger Login - DRAFT
Re: [Fed-Talk] [Smart Cards] Tiger Login - DRAFT
- Subject: Re: [Fed-Talk] [Smart Cards] Tiger Login - DRAFT
- From: Alan Trulock <email@hidden>
- Date: Fri, 3 Jun 2005 22:49:13 -0700 (PDT)
I had everything working fine with 10.3 and Mozilla. I
now trying to get my system working under 10.4 and
have had limited success.
-- Brian Raymond <email@hidden> wrote:
> Since the problem of our CAC cards not working is
> possibly related to the
> fact that we are using flashed ActivCard readers I
> wanted to check to see if
> anyone has tried to flash their reader back with the
> ActivCard firmware? I
> haven't looked into it yet so I wanted to see if I'd
> just be spinning my
> wheels?
>
> Thanks..
>
> - Brian
Over the weekend, I upgraded to 10.4 and experienced
similar problems. My system worked 4.0 with 10.3 and
the ActivCard software prior to the upgrade.
Symptoms: ActivCard software crashed upon boot. When
pluging the reader in, pcscd launched, but no other
processes launched when I inserted my card.
I opted to uninstall the ActivCard middleware and
flash my reader with the files referenced here:
http://lists.apple.com/archives/fed-talk/2004/Sep/msg00017.html
This resolved my Smart Card daemon problems and my
card now shows as a dynamic keychain.
I verified my setup with the PKI Test Station and was
able to download from the latest antivirus from the
Navy Infosec site.
> On 5/24/05 10:57 AM, "Michael Kluskens"
> <email@hidden>
> wrote:
>
> > On May 9, 2005, at 2:45 PM, Shawn Geddis wrote:
> >
> >> 2) The DoD Intermediate CAs are not available to
> the Keychain List
> >> by default
> >> -- Federal Customers within DoD will need
> to add the
> >> "X509Certificates" to the list
> >>
> >> a) Launch Keychain Access
> >> b) Select "Edit -> Keychain List"
> >> c) Select "Show: Mac OS X (System)"
> >> d) Check "Shared" checkbox next to
> >> "X509Certificates"
> (/System/Library/Keychains)
> >> e) X509Certificates will now appear
> in the Keychains
> >> List and will be available for
> >> Intermediates for the
> whole trust path
> >> validation.
> >
> > This is what totally fails on my system. First
> off the check mark
> > is not there if I immediately or any time
> afterwards go back into
> > this menu. Also, I note that I also have System
> /Library/Keychains
> > which is shared and X509Anchors
> /System/Library/Keychains which is
> > not shared (and not shareable just like
> X509Certificates). Under
> > User I also have System /Library/Keychains which
> is shared.
> >
> > I created a brand new account and the problems
> existed there as well.
> >
> > Michael
Under keychains, I saw login and X509Anchors. Under
Keychain List for User, I saw only login. Under
Keychain List for System, I see X509Anchors and
X509Certificates. I am unable to remove X509Anchors
from my list. I am unable to share either in Mac OS X.
I have installed X509Certificates into my keychain and
verified my CAC certificates, but if I select share
from there, it removes it from my keychains!
I am guessing that something got messed up during the
upgrade.
Additionally, Safari continuously asks for my name and
password when accessing NMCI webmail. I have
previously had the same problem with Firefox under
10.3 and WinXP, so I am wondering if this is really a
browser problem rather than a CAC or keychain issue.
--Alan
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden