[Fed-Talk] Re: Cac cards and Tiger
[Fed-Talk] Re: Cac cards and Tiger
- Subject: [Fed-Talk] Re: Cac cards and Tiger
- From: John Daly <email@hidden>
- Date: Wed, 04 May 2005 11:12:08 -0700
Now that I can talk about Tiger...
>> With a supported reader and a supported Smart Card Type (CAC, PIV,
>> JPKI, BELPIC, ...) the Private Keys and Certs appear in the
>> corresponding Smart Card *Keychain* (It is a 'reference' and not the
>> actually data since a private key can never leave the Smart Card).
>> Tiger fully abstracts Smart Cards as Keychains, hence any application
>> that already leverages the certificates/keys within keychain will
>> automatically get support for Smart Cards with no vendor
>> modifications necessary. The typical scenario would be that the
>> dynamic keychain that represents the Smart Card inserted would have
>> the name "smart card #2" (if you insert multiple cards you will see
>> "smart card #3", "smart card #4", ....)
>>
>>
>> My Smart Card Setup and Configuration Guide for 10.3 will be
>> drastically reduced in sized when revamped for 10.4. I am working on
>> that update now.
>>
Thank you!
>>
>> For those previously and currently using PC Card Smart Card Readers
>> need to keep in mind that Tiger modified the kernel extension design
>> and hence the older Panther driver/kext will NOT work under Tiger.
>> The PC Card Smart Card vendors do have Tiger compatible drivers/kext
>> for those readers -- I will have them available as well.
>>
Is it safe to assume that if the CAC card shows up in your Keychain that the drivers are functional?
The CAC card won't show up using my GemPC 430 card reader off of a straight install, but if I take the driver that I used in Panther and put it into /usr/libexec/smartcardservices/drivers/ then Common Access Card Viewer.app and the Keychain both show up.
What appears to be broken in Tiger that was functional in Panther and Jaguar is the ability to use the CAC card to log in to the computer. Unfortunately, with how much has changed, and the complete lack of documentation in the help system, I can't tell if it's broken, or if I'm merely not doing something right.
Any help would be appreciated.
Thanks
John Daly
MacGuru
Technical Information Division
NAWCWD China Lake, CA
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden