Re: [Fed-Talk] NMCI Webmail
- Subject: Re: [Fed-Talk] NMCI Webmail
- From: Shawn Geddis <email@hidden>
- Date: Mon, 9 May 2005 18:25:07 -0400
As you can all, I am responding to older mail that I never got to
yet. It is an attempt to help clarify the issue and not to add
confusion, really! :)
On Apr 25, 2005, at 11:42 PM, Thomas Lee Zimmerman wrote:
> LCDR,
> I've been running NMCI Webmail for over a year using Mozilla. I had
> to install the Activcard Gold software to work with the CAC reader

You could do it, but it is Not necessary. What you found is that the
Smart Card "Reader" driver was installed [ "ActCCID.bundle" into the
directory /usr/libexec/SmartCardServices/drivers/ ]. If you
install the ActivCard Gold for Mac OS X Software, the Apple built-in
services will no longer be functional.

> (after I install Tiger I'll try the built-in CAC card support).
> Once you've got the CAC card software running go to Mozilla
> preferences, select Privacy & Security, then Certificates. On that
> screen there will be a Manage Security Devices button. If you click
> on that you should see an entry for either Activcard or the CAC
> reader (I'll have to look at my work computer to give you the exact
> answer). I *think* I didn't even have to activate the CAC reader in
> the GUI. That's all it took and it's worked fine for me. When you
> select the Webmail URL you'll see the Activcard icon on your task
> bar blink (indicating Mozilla is accessing the CAC card) and then a
> dialog will pop up asking for your CAC PIN number.

You could do it, but it is Not necessary. You can still use Apple's
built-in PKCS#11 Plugin for Netscape/Mozilla/.... All you need to do
is add the security module under the Manage Security Devices and
select the path to the apple provided plugin. This was provided in
my 10.3.x Setup and Config guide...

> Assuming that works you'll get the login for Webmail. Don't forget
> to put the domain name in first in the user name line (for example
> mine is "nadsuswe\lee.zimmerman").
> I've also tried Firefox. With no special install or configuration
> it recognized the CAC card reader (again, via Activcard), but it
> insists upon asking for my user name and password every time you do
> anything in Webmail. Too bad because I'd rather run Firefox than
> Mozilla. Actually, I'd really rather run Safari, but it does not
> work with Webmail (since it won't work with the CAC card). I'm not
> sure if this changes in Tiger.

This is a MAJOR change with "Tiger". Smart Cards are abstracted as
dynamic Keychains in Tiger. This means that ANY application that
utilizes Certificates/Keys from the OS, will be able to use Smart
Cards. As mentioned earlier, Mail.app, Entourage 2004,... and of
course Safari.
Again, there is nothing you need to install except the ActivCard
Reader Driver -- unless of course you flash the reader to its normal
CCID Compliant state.

> We've had lots of problems getting Outlook under Terminal Services
> to run reliably on Macs at our location. Also, Webmail on the Mac
> does not allow for uploading attachments. My work around is to use
> Apple Mail with our local SMTP server to send mail and Webmail to
> read it.

Provide more detail offline and we can work to identify the problems...
-Shawn
___________________________________________
Shawn Geddis
Security Consulting Engineer
Apple Computer - US Federal Government
Attachment:
smime.p7s
Description: S/MIME cryptographic signature