From: "Monahan, Jim CONT ATSC" <email@hidden>
To: Lucy Liew <email@hidden>, email@hidden
Subject: RE: [Fed-Talk] cac on mac os x 10.4.6 with scr331 reader
Date: Thu, 27 Jul 2006 08:15:04 -0400
I was getting that error until I both correctly entered the hash results and
patched the authorization file.
FWIW, here's the steps I used:

CAC Login For Mac OS X 10.4.6

1. Insert CAC in Reader
2. login as root
   a. open a terminal window, and issue the following series of commands.
   b. sc_auth hash [returns 3 lines of hash codes: Identity, Email Signing
      & Email Encryption]
   c. sc_auth accept -u myuser -h <identity_hash_from_step_2b>
      [Substitute your user name for 'myuser']
   d. nidump -r /users/myuser . [Make sure you include the dot. This is
      to make sure user authentication authority is set up correctly.
      myuser is your user id]
   e. Save attached diffs file in an easy-to-get-to location, like the
      "Users" folder
   f. cd /etc
   g. cp authorization authorization.orig
   h. patch -u -o /tmp/authorization.smartcard authorization.orig /users/smartcardauthdiffs.dat
   i. diff -b /tmp/authorization.smartcard authorization.orig
      cp /tmp/authorization.smartcard authorization
3. Log out and you should see the box for your PIN instead of your Password

If you remove your CAC card, the screen will revert to userID/password.
Reinsert your CAC, wait a second or two, and your name and a prompt for PIN
should appear.
Jim Monahan
Network Systems Engineer
RSI, Inc, A CIBER Company
Army Training Support Center
mailto:email@hidden
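
Added example, not part of the original message: steps 2g through 2i above as a guarded shell function, so that the authorization file is replaced only when the patch applies cleanly and the first backup is never overwritten. The function name apply_auth_patch and the script name are hypothetical, and the paths are passed as arguments because the attached diffs file is not shown in the thread.

```shell
#!/bin/sh
# Added example, not from the original post: guarded form of steps 2g-2i.
# Run as root with the post's paths (script name is hypothetical):
#   sh apply_auth_patch.sh /etc/authorization /users/smartcardauthdiffs.dat

# apply_auth_patch TARGET PATCHFILE   (hypothetical helper name)
# Returns 0 only when the patch applied cleanly and TARGET was replaced.
apply_auth_patch() {
    target=$1
    patchfile=$2
    backup="$target.orig"

    [ -r "$target" ] && [ -r "$patchfile" ] || return 1
    staged=$(mktemp "${TMPDIR:-/tmp}/authorization.smartcard.XXXXXX") || return 1

    # Step g, but keep an existing backup: on a second run the live file is
    # already patched and must not replace the pristine copy.
    if [ ! -e "$backup" ]; then
        cp -p "$target" "$backup" || { rm -f "$staged"; return 1; }
    fi

    # Step h: patch the pristine backup into a staging file. -f keeps patch
    # from prompting; any rejected hunk makes it exit non-zero.
    if ! patch -u -f -o "$staged" "$backup" "$patchfile" </dev/null; then
        rm -f "$staged" "$staged.rej"
        return 1
    fi

    # Step i: the result must be non-empty and differ from the original
    # before it replaces the live file.
    if [ ! -s "$staged" ] || cmp -s "$staged" "$backup"; then
        rm -f "$staged"
        return 1
    fi
    diff -b "$staged" "$backup" || true   # show the change, as in the post
    if cp "$staged" "$target"; then
        rm -f "$staged"
        return 0
    fi
    rm -f "$staged"
    return 1
}

if [ "$#" -eq 2 ]; then
    apply_auth_patch "$1" "$2"
fi
```

If the function returns non-zero, the live file is untouched and authorization.orig still holds the unpatched copy.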
-----Original Message-----
From: fed-talk-bounces+monahanj=email@hidden
[mailto:fed-talk-bounces+monahanj=email@hidden] On Behalf Of Lucy Liew
Sent: Wednesday, July 26, 2006 6:46 PM
To: email@hidden; email@hidden
Subject: RE: [Fed-Talk] cac on mac os x 10.4.6 with scr331 reader
Since my original post, I've flashed firmware version 5.18 onto my CAC
reader and moved the CCID Class Driver back to where it was originally.
I've also followed all the instructions according to the Naval Postdoctorate
document on CAC on a Mac. With my updated reader, my laptop recognizes my
reader and properly requests and knows when I've properly inputted my PIN,
but it states that my certificates with my name on it are still "not valid"
when I look at them via Keychain Access.
I have asked the IT people within my organization to check my CAC card and
they said there wasn't any reason why it shows up as "not valid" when they
used their computer--a PC.
Please advise on what I need to do so that my laptop/reader can properly
read the certificates with my name on it.
>From: "Hopfner, Philip (Phil) (CIV)" <email@hidden>
>To: "Lucy Liew" <email@hidden>,<email@hidden>
>Subject: RE: [Fed-Talk] cac on mac os x 10.4.6 with scr331 reader
>Date: Thu, 20 Jul 2006 07:28:20 -0700
>
>Hello Lucy,
>
>I can't vouch for the Virtual PC part yet (as I haven't tried it, but I
>understand it works too) - but I might suggest that you go and download
>the "CAC on a MAC" document at http://cisr.nps.edu/pub_techrep.html.
>It's helped a fair number of people to set up their CAC readers to work
>on the Mac. And yes, you will need to flash the firmware on the card,
>but the document also explains this step too.
>
>-Phil
>
>-----Original Message-----
>From: fed-talk-bounces+phopfner=email@hidden
>[mailto:fed-talk-bounces+phopfner=email@hidden] On Behalf Of Lucy Liew
>Sent: Wednesday, July 19, 2006 9:54 PM
>To: email@hidden
>Subject: [Fed-Talk] cac on mac os x 10.4.6 with scr331 reader
>
>I'm new to Macs and CAC readers so please forgive me if I sound ignorant
>and asking a question that's been answered before.
>
>I have been reading through as much of the archived information on the
>Fed-Talk list as I can, and I still can't seem to get my CAC and Citrix
>set up. I have a MacBook Pro with a Mac OS X 10.4.6. I also have a SCR 331
>CAC reader. However, I don't have virtual PC. I've done the following:
>
>1. In Keychain Access, I went into Edit Keychain List for Mac OS X and
>clicked "Shared" for the X509 Certificates.
>2. I've installed the two keychains provided by DoD into both
>X509Certificates and X509Anchors
>3. At one point, in Keychain Access, it recognized my smartcard as
>"smartcard reader #1." However, when I clicked on my personal
>certificates with my name on it, they would show that it was "INVALID."
>4. So I went into the draft guide "Smartcard Login on Tiger" and copied
>and pasted what was under "enabling smartcard login" in the Terminal mode.
>I'm not sure what happened after that, but my laptop no longer recognizes
>my smartcard reader at all.
>5. I moved CCID Class Driver bundle to the desktop.
>6. I've downloaded the Citrix ICA Client for Mac.
>
>My questions:
>1. How do I get my laptop to recognize my smartcard reader again? Do I
>need to undo any of the things I've done above? And if so, how do I do
>that? I need basic level instruction.
>2. Do I need to update my driver for the SCR331 reader to the firmware
>5.18 version given that I'm running on version 10.4.6? It seems from what
>I've read that I don't have to but I may be mistaken.
>3. Do I need VirtualPC to get this thing working?
>4. How do I make my personal certificate "valid"
>5. What am I doing wrong?
>
>Thanks for any of your suggestions.
>
>
> _______________________________________________
>Do not post admin requests to the list. They will be ignored.
>Fed-talk mailing list (email@hidden)
>Help/Unsubscribe/Update your Subscription:
>
>This email sent to email@hidden