Re: [Fed-Talk] CAC Login to OWA
- Subject: Re: [Fed-Talk] CAC Login to OWA
- From: Mike Jackson <email@hidden>
- Date: Tue, 6 Feb 2007 13:57:53 -0500

On Feb 6, 2007, at 1:46 PM, Timothy J. Miller wrote:

> Mike Jackson wrote:
>> I tried Firefox 2.0.0.1 and that didn't work.
>
> Pull 1.5.0.8/9 from the Mozilla archive.
>
>> Sometimes Safari will ask me for my PIN for the CAC and I enter
>> it, but then I get the HTML error page from the AFMC webmail site
>> stating that I didn't authenticate properly.
>
> That's the issue you read about that Paul's hackaround tries to
> fix. Paul'll have to chime in further.
>
>> What I did notice is that the AFMC certificate has "CA 14" in it,
>> and the certs that are supplied in OS X only go up to CA 10? Is
>> this a problem?
>
> Probably at least in part.
>
>> How can I get the CA 14 cert onto my OS X machine?
>
> You can download DoD Root CA 2 chains from the AF PKI SPO website.
>
> https://afpki.lackland.af.mil/html/trustingthedodpki.asp#NonWindows
>
> The site is .mil restricted and CAC required, so you'll have to do
> this from an AFMC workstation.
>
> Make sure you install the DoD Root CA 2 cert into X509 Anchors,
> *not* your login keychain.
>
>> I also understand the basic concepts of the Keychain and the CAC
>> card but do I need to copy my certs from the CAC card to the
>> keychain?
>
> No.
>
>> All I want to do is authenticate to the webmail site. I do NOT
>> need the CAC card for anything else on the machine.
>
> But they're so useful! Seriously. CAC login to local accounts on
> your Mac is pretty sweet.
>
> -- Tim

Thanks for the help, I'll try to get into my desk at WPAFB this week
and pull the certs.

Also, there are no Macs allowed on the NIPR Net at AFMC. Some rule
by someone long ago. They pretty much do not want them on the
network so basically another network had to be created to let those
researchers use the machines that they wanted to use. This other
network is only allowed to have publicly released information on it
so the restrictions are a bit less restrictive. So we don't really
need to have the CAC login security like the NIPR Net does.
Someone could hack into a machine on this network, but more easily
just call up AF Public Affairs and simply ask for the info.

Also, I am on a MacBook Pro, so having to carry around an SCR331 just
to log in isn't my idea of cool. What is my idea of cool is to have
it set up and working and show the guys in our local IT department
just how easily it _does_ work with CAC cards. Not that they would
change their mind.

We also need a C&A package for OS X to get them on the network, which
no one seems to have. I cannot even seem to find one for another OS,
like Windows XP....

Thanks for the help again.

Mike Jackson
AFRL - WPAFB - Dayton Ohio
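
The chain-building gap discussed in the thread (a certificate issued by "CA 14" while the local store stops short of it), reproduced as an added example that is not part of the original message. It builds a throwaway lab PKI with openssl; every name and file is constructed, and no DoD certificates or keychains are involved.

```shell
#!/bin/sh
# Added example: constructed lab PKI. Names imitate the thread's layout only;
# these are not DoD certificates and nothing here touches a real keychain.
build_lab_pki() {   # $1 = empty working directory
  d=$1
  cat > "$d/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = unused
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
  # Root: self-signed trust anchor.
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -config "$d/ca.cnf" \
    -extensions v3_ca -subj "/CN=Lab Root CA 2" \
    -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null
  # Issuing CA ("CA 14"), signed by the root.
  openssl req -new -newkey rsa:2048 -nodes -config "$d/ca.cnf" \
    -subj "/CN=Lab CA 14" -keyout "$d/ca14.key" -out "$d/ca14.csr" 2>/dev/null
  openssl x509 -req -in "$d/ca14.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
    -CAcreateserial -days 2 -extfile "$d/ca.cnf" -extensions v3_ca \
    -out "$d/ca14.pem" 2>/dev/null
  # Server certificate, signed by "CA 14".
  openssl req -new -newkey rsa:2048 -nodes -config "$d/ca.cnf" \
    -subj "/CN=webmail.example.test" -keyout "$d/srv.key" -out "$d/srv.csr" 2>/dev/null
  openssl x509 -req -in "$d/srv.csr" -CA "$d/ca14.pem" -CAkey "$d/ca14.key" \
    -CAcreateserial -days 2 -out "$d/srv.pem" 2>/dev/null
}

# Verify with only the root available (a store that lacks the issuing CA).
verify_root_only() {
  openssl verify -CAfile "$1/root.pem" "$1/srv.pem" 2>/dev/null | grep -q ': OK$'
}

# Verify with the issuing CA also available for chain building.
verify_full_chain() {
  openssl verify -CAfile "$1/root.pem" -untrusted "$1/ca14.pem" "$1/srv.pem" \
    2>/dev/null | grep -q ': OK$'
}

issuer_of() { openssl x509 -in "$1" -noout -issuer; }

# Demo run: show the issuer, then both verification outcomes.
d=$(mktemp -d) && build_lab_pki "$d" && issuer_of "$d/srv.pem"
verify_root_only "$d" && echo "root only: OK" || echo "root only: FAIL (issuer not found)"
verify_full_chain "$d" && echo "with CA 14: OK" || echo "with CA 14: FAIL"
```
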