RE: [Fed-Talk] CAC Login to OWA
RE: [Fed-Talk] CAC Login to OWA
- Subject: RE: [Fed-Talk] CAC Login to OWA
- From: "Emery, David G Capt MIL USAF AFSOC/A6OE" <email@hidden>
- Date: Tue, 6 Feb 2007 17:20:41 -0600
- Thread-topic: [Fed-Talk] CAC Login to OWA
Mike,
I quickly threw up my basic instructions to enable Safari's access to
OWA using CAC. It's relatively quick, and it works in my environment.
If you need specific certs for AFMC (not sure why) as mentioned by Mark,
then just add that step in. I've done the Firefox method and found that
very unstable.
http://caconmac.openboxconcepts.com/
Let me know if you have questions.
Dave
-----Original Message-----
From: fed-talk-bounces+david.emery=email@hidden
[mailto:fed-talk-bounces+david.emery=email@hidden] On
Behalf Of Mike Jackson
Sent: Tuesday, February 06, 2007 12:58 PM
To: Fed Talk Mail List
Subject: Re: [Fed-Talk] CAC Login to OWA
On Feb 6, 2007, at 1:46 PM, Timothy J. Miller wrote:
> Mike Jackson wrote:
>
>> I tried Firefox 2.0.0.1 and that didn't work.
>
> Pull 1.5.0.8/9 from the Mozilla archive.
>
>> Sometimes Safari will ask me for my PIN for the CAC and I enter it,
>> but then I get the HTML error page from the AFMC webmail site stating
>> that I didn't authenticate properly.
>
> That's the issue you read about that Paul's hackaround tries to fix.
> Paul'll have to chime in further.
>
>> What I did notice is that the AFMC certificate has "CA 14" in it, and
>> the certs that are supplied in OS X only go up to CA 10? Is this a
>> problem?
>
> Probably at least in part.
>
>> How can I get the CA 14 cert onto my OS X machine?
>
> You can download DoD Root CA 2 chains from the AF PKI SPO website.
>
> https://afpki.lackland.af.mil/html/trustingthedodpki.asp#NonWindows
>
> The site is .mil restricted and CAC required, so you'll have to do
> this from an AFMC workstation.
>
> Make sure you install the DoD Root CA 2 cert into X509 Anchors,
> *not* your login keychain.
>
>> I also understand the basic concepts of the Keychain and the CAC card
>> but do I need to copy my certs from the CAC card to the keychain?
>
> No.
>
>> All I want to do is authenticate to the webmail site. I do NOT
>> need the CAC card for anything else on the machine.
>
> But they're so useful! Seriously. CAC login to local accounts on
> your Mac is pretty sweet.
>
> -- Tim
Thanks for the help, I'll try to get into my desk at WPAFB this week
and pull the certs.
Also.. there are no macs allowed on the NIPR Net at AFMC. Some rule
by some one long ago. They pretty much do not want them on the
network so basically another network had to be created to let those
researchers use the machines that they wanted to use. This other
network is only allowed to have publicly released information on it
so the restrictions are a bit less restrictive. So we don't really
need to have the CAC login security like the NIPR Net does.
Someone could hack into a machine on this network, but more easily
just call up AF Public Affairs and simply ask for the info.
Also, I am on a MacBook Pro, so having to carry around an SCR331 just
to log in isn't my idea of cool. What is my idea of cool is to have
it setup and working and show the guys in our local IT department
just how easily it _does_ work with CAC cards. Not that they would
change their mind.
We also need a C&A package for OS X to get them on the network, which
no one seems to have. I can not even seem to find one for another OS,
like Windows XP....
Thanks for the help again.
Mike Jackson
AFRL - WPAFB - Dayton Ohio
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden