Re: [Fed-Talk] ActivCard Reader setup
Re: [Fed-Talk] ActivCard Reader setup
- Subject: Re: [Fed-Talk] ActivCard Reader setup
- From: Brian Raymond <email@hidden>
- Date: Wed, 02 Nov 2005 22:34:50 -0400
- Thread-topic: [Fed-Talk] ActivCard Reader setup
I'm puzzled as well :).
I did a clean install of 10.3 on my G5 which used to run 10.3 and use the
reader all of the time. Now it has bus errors. I have a total of three
flashed readers, which all exhibit the same problem on my two powerbooks and
G5, all running clean installs of 10.4. I understand from the list that some
others experienced similar problems so I don't think it was isolated to me.
These same readers work fine on Windows so I know they operate correctly.
I'm not sure what's going on with them.
- Brian
On 11/1/05 6:43 PM, "Michael Kluskens" <email@hidden>
wrote:
> Brian,
>
> I'm a little puzzled by your problems, I flashed a bunch of ActivCard
> readers to SCR331 to use them under OS X 10.3 and now we are using
> them under OS X 10.4 with no problems. Some machines were upgraded
> to 10.3 and some were formated and clean installed with 10.4.
>
> Perhaps you bought over something from 10.3 that should not be used
> on 10.4, other then the hardware that is. Offhand the CAC Reader
> program is one thing that didn't get automatically deleted in the
> upgrades.
>
> Do these issues only occur when you actually use the device?
>
> Michael
>
> On Nov 1, 2005, at 4:01 PM, Brian Raymond wrote:
>
>> Does anyone know off the top of their head if I can get the SCR331
>> driver
>> from 10.3 in 10.4? We have gone over this on the mailing list
>> before, I
>> dropped it for a while but this thread and the need to use a card
>> reader
>> again brought it back up.
>>
>> I have some ActivCard readers that were flashed with the SCR331
>> firmware to
>> get them working in 10.3 and they work fine in it. In 10.4 it
>> throws bus
>> errors and timeouts. If the 10.3 driver can still work that would
>> be a nice
>> way to solve my problem.
>>
>> - Brian
>>
>>
>> On 11/1/05 9:29 AM, "Dalton Hamilton" <email@hidden> wrote:
>>
>>> <NOTE: Most of the information I post here comes directly form the
>>> Apple Federal Systems engineer I've been working with.>
>>>
>>> The best thing is for everyone to flash the firmware (currently
>>> v5.18) which makes the reader full CCID Compliant. It is then fully
>>> supported by the CCID Class Driver in Mac OS X 10.4.x rather than the
>>> problematic SCR331 (pseudo ccid) driver that was pr-installed in Mac
>>> OS X 10.3.x. I have this flash update if anyone needs it -- size is
>>> approx 252KBytes in zip format.
>>>
>>> Let me restate: Mac OS X 10.4.x does NOT install the SCR331 driver
>>> that was pre-installed in 10.3.x, so if you have one of these
>>> readers, it is best that you flash the unit for optimal user
>>> experience.
>>>
>>> There is no need to install any middle-ware on OSX 10.4.x, since all
>>> of the support for the US Federal Smart Cards is built in.
>>> Go to the Applications->Utilities folder and start the KeyChain
>>> Access app. Then go to Edit->Keychain Lists and click the switch to
>>> enable X509Certificates. The bottom left corner of the Keychain
>>> Access app has a button labeled "Hide Keychains." Click this to show
>>> the keychains currently on your system. Keep in mind that the CAC
>>> card is treated as a keychain in OSX. You can't write to it or store
>>> other certificates there as you might do with other keychains, but it
>>> is a keychain. Your certificates are already on the CAC.
>>>
>>> Next, connect your CAC reader to your system and then insert your
>>> CAC. You should see a new entry in the top left Keychains portion of
>>> the Keychain application -- this entry will read "smart card #2."
>>> The appearance of the Smart Card as a Keychain is new to Mac OS X
>>> 10.4.x - Tiger. Smart Cards become dynamic in nature and appear in
>>> the Keychain list when they are inserted and disappear when they are
>>> removed. The modifications you made to 'enable' X509Certificates is
>>> separate from the Smart Card. At this point, you can click on the
>>> smart card keychain and the contents of your CAC should show in the
>>> right side.
>>>
>>> If you cannot see your smart card keychain, I'd suggest restarting
>>> your system once and try again. Tiger starts Smart Card Services
>>> when you initially connected the reader. It will shut down 2 minutes
>>> after the card is removed for lack of Smart Card activity. The
>>> system 'should' restart the services when you insert the card again,
>>> but issues relating to the shutdown of services as well as a system
>>> going to sleep (which I am not sure was true in your case or not) are
>>> being addressed and will be available in a future software release.
>>> Issues with the restarting of Smart Card Services after being
>>> shutdown or when a system goes to sleep are causing your system to no
>>> longer recognize that there is a Smart Card inserted. For those who
>>> care, securityd is not relaunching each of the tokend items (CAC,
>>> BELPIC, JPKI) and hence the card and reference to its contents are
>>> not being propagated up the chain. I've seen cases where OSX won't
>>> recognize the CAC reader and requires a restart for it to work.
>>>
>>> Once the system is recognizing your CAC and you see your
>>> certificates, you should be able to browse to the PKI required sites
>>> and it will prompt you for your PIN for your CAC and it will work.
>>> If you use Apple Mail, you should be able to digitally signing and
>>> encrypt/decrypt email -- likewise with Entourage.
>>>
>>> -----------------------------------------------------------------
>>> Dalton Hamilton
>>> email@hidden
>>> TIMPO Europe Senior Network Engineer (APPTIS)
>>> Office Location: Landstuhl Regional Medical Center
>>> Desk Civilian: 011.49.6371.86.7222
>>> Desk DSN: 314.486.7222
>>> Cell: 011.49.170.330.2182
>>> Fax: 011.49.6371.86.6060
>>>
>>> APPTIS
>>> 8626 Tesoro Dr. Suite 450 | San Antonio, TX 78217
>>> 800.862.2883 | www.apptis.com <http://www.apptis.com/>
>>>
>>> ** PROPRIETARY & CONFIDENTIAL ** This email and any attachments are
>>> confidential and/or proprietary and intended solely for the named
>>> recipients. Unauthorized use, copying, or distribution is prohibited.
>>> If you received this e-mail in error, please notify me by replying
>>> and delete the message without copying or disclosing it. Thank you.
>>>
>>>
>>>
>>>
>>> On Nov 1, 2005, at 1:25 PM, Billy Lenox wrote:
>>>
>>>> I need the Same thing for my Apple Computers
>>>>
>>>> Thanks
>>>> Billy
>>>>
>>>> On Oct 31, 2005, at 4:07 PM, Mike Dougherty wrote:
>>>>
>>>>> Hello,
>>>>>
>>>>> I have the following setup:
>>>>>
>>>>> OS X: 10.4.2
>>>>> Smart Card Reader: ActivCard
>>>>>
>>>>> My Powerbook is my personal computer, but I need to be able to
>>>>> access certain Government sites which require CAC's.
>>>>>
>>>>> I have not been able to find a HOWTO or FAQ that would instruct me
>>>>> on how to setup my system. Is there a site or document someplace
>>>>> that would help me out?
>>>>>
>>>>> Thanks,
>>>>> Mike
>>>>>
>>>>> _______________________________________________
>>>>> Do not post admin requests to the list. They will be ignored.
>>>>> Fed-talk mailing list (email@hidden)
>>>>> Help/Unsubscribe/Update your Subscription:
>>>>>
>>>>> This email sent to email@hidden
>>>>>
>>>>
>>>> _______________________________________________
>>>> Do not post admin requests to the list. They will be ignored.
>>>> Fed-talk mailing list (email@hidden)
>>>> Help/Unsubscribe/Update your Subscription:
>>>> 40mac.com
>>>>
>>>> This email sent to email@hidden
>>>
>>> _______________________________________________
>>> Do not post admin requests to the list. They will be ignored.
>>> Fed-talk mailing list (email@hidden)
>>> Help/Unsubscribe/Update your Subscription:
>>> 40dataline.com
>>>
>>> This email sent to email@hidden
>>
>> _______________________________________________
>> Do not post admin requests to the list. They will be ignored.
>> Fed-talk mailing list (email@hidden)
>> Help/Unsubscribe/Update your Subscription:
>> 40nrl.navy.mil
>>
>> This email sent to email@hidden
>>
>
> _______________________________________________
> Do not post admin requests to the list. They will be ignored.
> Fed-talk mailing list (email@hidden)
> Help/Unsubscribe/Update your Subscription:
>
> This email sent to email@hidden
>
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden