Re: [Fed-Talk] Common Access Cards with Entourage 2004 and Tiger
Re: [Fed-Talk] Common Access Cards with Entourage 2004 and Tiger
- Subject: Re: [Fed-Talk] Common Access Cards with Entourage 2004 and Tiger
- From: Shawn Geddis <email@hidden>
- Date: Tue, 3 May 2005 14:53:36 -0400
On May 3, 2005, at 2:25 PM, Thomas Doligalski wrote:
I've upgraded our Macs to Tiger, but am puzzled as to how to get
Entourage to work with our CAC cards. I can successfully see the
cac reader (with pcsctest), but am unsuccessful with the new cac
viewer program (which I had
to manually install from the Tiger installation disk).
Anyone know how to configure Tiger to support smart cards?
Tom
Tom,
The nice thing about the work we did with Tiger with respect to Smart
Cards (i.e. CAC, PIV, ...) is that there is nothing special you need
to do to use it for S/MIME under Mail.app or third-party applications
like Entourage 2004 or higher.
With a supported reader and a supported Smart Card Type (CAC, PIV,
JPKI, BELPIC, ...) the Private Keys and Certs appear in the
corresponding Smart Card *Keychain* (It is a 'reference' and not the
actually data since a private key can never leave the Smart Card).
Tiger fully abstracts Smart Cards as Keychains, hence any application
that already leverages the certificates/keys within keychain will
automatically get support for Smart Cards with no vendor
modifications necessary. The typical scenario would be that the
dynamic keychain that represents the Smart Card inserted would have
the name "smart card #2" (if you insert multiple cards you will see
"smart card #3", "smart card #4", ....)
In Entourage 2004:
* Select "Account Settings..."
* Select the desired account
* Click on "edit"
-- The Edit Account Panel will appear
* Click on "Security"
* For each of the Certificate options (Signing / Encryption)
-- Click on "Select" and select the appropriate Certificate
from the Smart Card
+ Be care to select the Mail Cert and not the ID Cert
for the Signing Cert.
* Done!
My Smart Card Setup and Configuration Guide for 10.3 will be
drastically reduced in sized when revamped for 10.4. I am working on
that update now.
For those previously and currently using PC Card Smart Card Readers
need to keep in mind that Tiger modified the kernel extension design
and hence the older Panther driver/kext will NOT work under Tiger.
The PC Card Smart Card vendors do have Tiger compatible drivers/kext
for those readers -- I will have them available as well.
-Shawn
___________________________________________
Shawn Geddis
Security Consulting Engineer
Apple Computer - US Federal Government
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden