Re: [Fed-Talk] ActivCard Reader setup
Re: [Fed-Talk] ActivCard Reader setup
- Subject: Re: [Fed-Talk] ActivCard Reader setup
- From: Brian Raymond <email@hidden>
- Date: Tue, 01 Nov 2005 17:01:59 -0400
- Thread-topic: [Fed-Talk] ActivCard Reader setup
Does anyone know off the top of their head if I can get the SCR331 driver
from 10.3 in 10.4? We have gone over this on the mailing list before, I
dropped it for a while but this thread and the need to use a card reader
again brought it back up.
I have some ActivCard readers that were flashed with the SCR331 firmware to
get them working in 10.3 and they work fine in it. In 10.4 it throws bus
errors and timeouts. If the 10.3 driver can still work that would be a nice
way to solve my problem.
- Brian
On 11/1/05 9:29 AM, "Dalton Hamilton" <email@hidden> wrote:
> <NOTE: Most of the information I post here comes directly form the
> Apple Federal Systems engineer I've been working with.>
>
> The best thing is for everyone to flash the firmware (currently
> v5.18) which makes the reader full CCID Compliant. It is then fully
> supported by the CCID Class Driver in Mac OS X 10.4.x rather than the
> problematic SCR331 (pseudo ccid) driver that was pr-installed in Mac
> OS X 10.3.x. I have this flash update if anyone needs it -- size is
> approx 252KBytes in zip format.
>
> Let me restate: Mac OS X 10.4.x does NOT install the SCR331 driver
> that was pre-installed in 10.3.x, so if you have one of these
> readers, it is best that you flash the unit for optimal user experience.
>
> There is no need to install any middle-ware on OSX 10.4.x, since all
> of the support for the US Federal Smart Cards is built in.
> Go to the Applications->Utilities folder and start the KeyChain
> Access app. Then go to Edit->Keychain Lists and click the switch to
> enable X509Certificates. The bottom left corner of the Keychain
> Access app has a button labeled "Hide Keychains." Click this to show
> the keychains currently on your system. Keep in mind that the CAC
> card is treated as a keychain in OSX. You can't write to it or store
> other certificates there as you might do with other keychains, but it
> is a keychain. Your certificates are already on the CAC.
>
> Next, connect your CAC reader to your system and then insert your
> CAC. You should see a new entry in the top left Keychains portion of
> the Keychain application -- this entry will read "smart card #2."
> The appearance of the Smart Card as a Keychain is new to Mac OS X
> 10.4.x - Tiger. Smart Cards become dynamic in nature and appear in
> the Keychain list when they are inserted and disappear when they are
> removed. The modifications you made to 'enable' X509Certificates is
> separate from the Smart Card. At this point, you can click on the
> smart card keychain and the contents of your CAC should show in the
> right side.
>
> If you cannot see your smart card keychain, I'd suggest restarting
> your system once and try again. Tiger starts Smart Card Services
> when you initially connected the reader. It will shut down 2 minutes
> after the card is removed for lack of Smart Card activity. The
> system 'should' restart the services when you insert the card again,
> but issues relating to the shutdown of services as well as a system
> going to sleep (which I am not sure was true in your case or not) are
> being addressed and will be available in a future software release.
> Issues with the restarting of Smart Card Services after being
> shutdown or when a system goes to sleep are causing your system to no
> longer recognize that there is a Smart Card inserted. For those who
> care, securityd is not relaunching each of the tokend items (CAC,
> BELPIC, JPKI) and hence the card and reference to its contents are
> not being propagated up the chain. I've seen cases where OSX won't
> recognize the CAC reader and requires a restart for it to work.
>
> Once the system is recognizing your CAC and you see your
> certificates, you should be able to browse to the PKI required sites
> and it will prompt you for your PIN for your CAC and it will work.
> If you use Apple Mail, you should be able to digitally signing and
> encrypt/decrypt email -- likewise with Entourage.
>
> -----------------------------------------------------------------
> Dalton Hamilton
> email@hidden
> TIMPO Europe Senior Network Engineer (APPTIS)
> Office Location: Landstuhl Regional Medical Center
> Desk Civilian: 011.49.6371.86.7222
> Desk DSN: 314.486.7222
> Cell: 011.49.170.330.2182
> Fax: 011.49.6371.86.6060
>
> APPTIS
> 8626 Tesoro Dr. Suite 450 | San Antonio, TX 78217
> 800.862.2883 | www.apptis.com <http://www.apptis.com/>
>
> ** PROPRIETARY & CONFIDENTIAL ** This email and any attachments are
> confidential and/or proprietary and intended solely for the named
> recipients. Unauthorized use, copying, or distribution is prohibited.
> If you received this e-mail in error, please notify me by replying
> and delete the message without copying or disclosing it. Thank you.
>
>
>
>
> On Nov 1, 2005, at 1:25 PM, Billy Lenox wrote:
>
>> I need the Same thing for my Apple Computers
>>
>> Thanks
>> Billy
>>
>> On Oct 31, 2005, at 4:07 PM, Mike Dougherty wrote:
>>
>>> Hello,
>>>
>>> I have the following setup:
>>>
>>> OS X: 10.4.2
>>> Smart Card Reader: ActivCard
>>>
>>> My Powerbook is my personal computer, but I need to be able to
>>> access certain Government sites which require CAC's.
>>>
>>> I have not been able to find a HOWTO or FAQ that would instruct me
>>> on how to setup my system. Is there a site or document someplace
>>> that would help me out?
>>>
>>> Thanks,
>>> Mike
>>>
>>> _______________________________________________
>>> Do not post admin requests to the list. They will be ignored.
>>> Fed-talk mailing list (email@hidden)
>>> Help/Unsubscribe/Update your Subscription:
>>>
>>> This email sent to email@hidden
>>>
>>
>> _______________________________________________
>> Do not post admin requests to the list. They will be ignored.
>> Fed-talk mailing list (email@hidden)
>> Help/Unsubscribe/Update your Subscription:
>> 40mac.com
>>
>> This email sent to email@hidden
>
> _______________________________________________
> Do not post admin requests to the list. They will be ignored.
> Fed-talk mailing list (email@hidden)
> Help/Unsubscribe/Update your Subscription:
>
> This email sent to email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden