Re: [Fed-Talk] SmartCard Login
Re: [Fed-Talk] SmartCard Login
- Subject: Re: [Fed-Talk] SmartCard Login
- From: Brian Raymond <email@hidden>
- Date: Tue, 07 Feb 2006 13:36:24 -0500
- Thread-topic: [Fed-Talk] SmartCard Login
We had a similar discussion a couple of months ago on the list and at that
time I provided some possibilities given PAM, Windows 2000(2003), Heimdal's
implementations of PKINIT. You might be able to wire it up on your own, I
have done similar things with PAM in the past to provide support for Windows
RPC auth. In J2EE app servers so I know those types of things are possible.
I was thinking of hacking on it for fun but I don't currently have much free
time to play with it.
With that said you can tie things together somewhat using the local CAC
support currently provided with the OS and the ability to authenticate off
of AD but it's not an elegant or complete solution.
I hope Apple will be providing something but AFAIK they haven't hinted at
anything yet.
- Brian
On 2/3/06 9:51 AM, "Billy Lenox" <email@hidden> wrote:
> This is really needed because they have stated that "ALL" Computers
> that are connected to the Network must login to the Active Directory
> Server using your CAC by July 1st 2006. That is what was told to us.
> PLEASE Lets hope that there is support for it in 10.5
>
> Billy
>
> mailto:email@hidden
> mailto:email@hidden
>
> On Feb 3, 2006, at 8:40 AM, Timothy J. Miller wrote:
>
>> Brian Cadwell wrote:
>>> Which versions of the operating system support SmartCard login
>>> with DOD CAC?
>>> Is there any Apple documentation that covers the configuration of
>>> this for
>>> the supported OSs?
>>
>> Panther and Tiger both support SCL to *local system* accounts. No
>> version supports SCL to Active Directory accounts. I've beaten
>> Shawn about the head and shoulders multiple times re: supporting
>> Kerberos PKINIT, all to no avail. ;)
>>
>> Unless it's gonna be in 10.5. Please?
>>
>> -- Tim
>> _______________________________________________
>> Do not post admin requests to the list. They will be ignored.
>> Fed-talk mailing list (email@hidden)
>> Help/Unsubscribe/Update your Subscription:
>>
>> This email sent to email@hidden
>
> _______________________________________________
> Do not post admin requests to the list. They will be ignored.
> Fed-talk mailing list (email@hidden)
> Help/Unsubscribe/Update your Subscription:
>
> This email sent to email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden