Re: [Fed-Talk] [Smart Cards] Tiger Login - DRAFT
Re: [Fed-Talk] [Smart Cards] Tiger Login - DRAFT
- Subject: Re: [Fed-Talk] [Smart Cards] Tiger Login - DRAFT
- From: Shawn Geddis <email@hidden>
- Date: Tue, 14 Feb 2006 09:24:27 -0500
On Jun 1, 2005, at 6:57 PM, Michael Kluskens wrote:
Apparently the problem I was seeing was a flaw in the web site I
was accessing, either they fixed the problem or my system is
working around it now.
I recommend trying the test page at Navy Infosec <https://
infosec.navy.mil/ps/?t=main/main.tag&bc=main/bc_main.html> before
assuming the problem is your OS or hardware (I'm using a flashed
ActivCard reader with no problem now).
My first try I found Safari/Keychain subsystem was presenting the
wrong certificate, but it seems to have remembered which one to
present.
As mentioned earlier, Mac OS X provides the ability to specify the
appropriate Identity to use when you have multiple identities and the
first one presented by the OS to the remote service is not accepted.
The first time you select which one you want to use for that
particular site, an "identity Preference" entry is added to your
default keychain. Next time you visit that same URI and a Client-
side cert is required, the OS will be directed to the one you
specified last time.
Starting with 10.4.4, Apple improved this even more in that your
Smart Card will always appear as the first credential storage in the
list and hence will be the first identity presented to the remote
site. For most people, this will even eliminate the one-time need to
specify a preference. :)
Also, I switched my boot drive back to standard journaled only (not
case-sensitive) and now Keychain Access is working properly, before
it was almost working.
Michael
ps. Retrospect duplicate function has a problem with case-
sensitive filesystems, I haven't had time to report it yet. Lost a
bunch of new files when duplicating a case-sensitive file system to
a case-insensitive file system on my way back to a more standard
filesystem.
Files could be seen as duplicates or be overwritten by other files
when going between case-sensitive and case-insensitive file systems.
- Shawn
___________________________________________
Shawn Geddis
Security Consulting Engineer
Apple Enterprise Division (Public & Private Sector)
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden