Re: [Fed-Talk] Re: Cac cards and Tiger
- Subject: Re: [Fed-Talk] Re: Cac cards and Tiger
- From: Shawn Geddis <email@hidden>
- Date: Mon, 9 May 2005 16:12:41 -0400
On May 4, 2005, at 2:12 PM, John Daly wrote:
> Is it safe to assume that if the CAC card shows up in your Keychain
> that the drivers are functional?

Yes. If you really want to see what takes place from the start,
launch Terminal and execute the top command before doing the following:

* Attach a Smart Card Reader
  - Process 'pcscd' will be started (low level Smart Card process)
* Insert a Smart Card into the Reader
  - Several processes will be started (i.e. JPKI, BELPIC, CAC, ...)
  - For US Federal Smart Cards (CAC/PIV) "CAC" will remain active
* Keychain Access will display a new 'dynamic' keychain labeled
  "smart card #n" with "n" being replaced with 2, 3, 4, ....
* This indicates that the Reader & Card are ready to go...

> The CAC card won't show up using my GemPC 430 card reader off of a
> straight install, but if I take the driver that I used in Panther
> and put it into /usr/libexec/smartcardservices/drivers/ then Common
> Access Card Viewer.app and the Keychain both show up.
>
> What appears to be broken in Tiger that was functional in Panther
> and Jaguar is the ability to use the CAC card to log in to the
> computer. Unfortunately, with how much has changed, and the
> complete lack of documentation in the help system, I can't tell if
> it's broken, or if I'm merely not doing something right.

Smart Card Readers Supported:
========================
The number of Readers supported by Tiger is larger than on
Panther, however there are a few things to keep in mind:

* Tiger already includes a CCID Class Driver
  This means that any USB-based Smart Card Reader that complies with
  the CCID standards will work out of the box with no need for any
  reader-specific driver loaded.
* Tiger has some Smart Card Reader drivers pre-loaded
  There are some "pre-loaded" Smart Card Reader drivers for some commonly
  used readers that do not comply with the CCID standard and are
  therefore not recognized by the CCID Class Driver.

Here is the complete list of default drivers loaded:
s$ ls -al /usr/libexec/SmartCardServices/drivers/
dr-xr-xr-x 3 root wheel 102 Mar 26 00:32 CCIDClassDriver.bundle
drwxr-xr-x 3 root wheel 102 Mar 26 00:32 CRYPTOCardPCCard.bundle
drwxr-xr-x 3 root wheel 102 Mar 26 00:32 SCR24XHndlr.bundle
drwxr-xr-x 3 root wheel 102 Mar 26 00:32 ifd-ASEIIIeUSB.bundle
drwxr-xr-x 3 root wheel 102 Mar 26 00:32 ifd-GemPC433.bundle
drwxr-xr-x 3 root wheel 102 Mar 26 00:32 ifd-GemPCKey.bundle
drwxr-xr-x 3 root wheel 102 Mar 26 00:32 ifd-GemPCTwin.bundle
drwxr-xr-x 3 root wheel 102 Mar 26 00:32 ifdok_cm4040_macos-2.0.0.bundle
This means that in addition to standard CCID Class Readers like....
OmniKey 3121
the following USB-based Readers will also work out of the box:
GemPlus 433
GemPlus Key
GemPlus Twin
The PC Card driver support on 10.4.0 currently has issues which are
being addressed and will be made available in a subsequent OS update
or directly from the product vendor.
If you have a USB Reader and you have the driver from me that is
supported under 10.3.x, then you can install that for 10.4.x (for
example, ActivCard USB v2, SCM SCR 331, ...). If you have a PC Card
Reader, you will need to talk with me and/or the vendor directly.
Shawn Geddis T (703) 264-5103
Security Consulting Engineer C (703) 623-9329
US Federal Government email@hidden
Apple Computer, Inc.
1892 Preston White Drive
Reston, VA 20191
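
The checks described in the message above, written as a script that runs on saved text (an added example, not part of the original post and not Apple tooling). The function names, the sample process snapshot and the `ps -axc -o command` capture command are assumptions; the process and bundle names come from the message.

```shell
#!/bin/sh
# Added example: the manual checks from the message, run on saved text.
# stack_state: process names on stdin, one per line (assumed capture:
# `ps -axc -o command`). Prints no-reader, reader-only or card-ready.
stack_state() {
    awk '
        $1 == "pcscd" { reader = 1 }  # started when a reader is attached
        $1 == "CAC"   { card = 1 }    # stays active for CAC/PIV cards
        END {
            if (!reader)    print "no-reader"
            else if (!card) print "reader-only"
            else            print "card-ready"
        }'
}

# driver_report: `ls` or `ls -al` output of the drivers directory on stdin.
# Prints "ccid" for the class driver and "vendor <name>" for other bundles.
driver_report() {
    awk '
        $NF ~ /\.bundle$/ {
            name = $NF; sub(/\.bundle$/, "", name)
            if (name == "CCIDClassDriver") print "ccid"
            else print "vendor " name
        }'
}

# diagnose: $1 = process snapshot, $2 = driver listing.
diagnose() {
    state=$(printf '%s\n' "$1" | stack_state)
    case "$state" in
        card-ready)  echo "ready: reader and card recognized" ;;
        reader-only) echo "reader attached, no CAC process for the card" ;;
        *)  if printf '%s\n' "$2" | driver_report | grep -qx ccid; then
                echo "no pcscd: CCID class driver present, reader may need a vendor bundle"
            else
                echo "no pcscd: CCID class driver missing"
            fi ;;
    esac
}

# Constructed sample: names seen after attaching a reader and inserting a CAC.
SAMPLE_PS='COMMAND
loginwindow
pcscd
CAC'
# Bundle names taken from the listing in the message.
SAMPLE_DRIVERS='CCIDClassDriver.bundle
ifd-GemPC433.bundle'
diagnose "$SAMPLE_PS" "$SAMPLE_DRIVERS"
```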