Re: [Fed-Talk] Mac Book Pro and a CAC reader
Re: [Fed-Talk] Mac Book Pro and a CAC reader
- Subject: Re: [Fed-Talk] Mac Book Pro and a CAC reader
- From: Shawn Geddis <email@hidden>
- Date: Tue, 2 Jan 2007 02:42:19 -0500
On Dec 28, 2006, at 12:36 PM, Boyd Fletcher wrote: Nate, two things that would be a huge help to DOD/IC customers would be:
1. having an embedded smart card reader in all Macs – especially in the laptops.
Understood.
2. working with Microsoft to get Entourage to support CAC authentication when connecting to Exchange Webmail servers. Apple works closely with the MS MacBU team and Entourage support for keychain has always been a part of that. Smart Card Authentication is not what is actually done. To be precise, what is supported on the Exchange Servers is Kerberos. Support for Smart Card Authentication to a Kerberized service requires PKINIT which is the Initialization of a Kerberos Session from an X.509 Certificate.
Mac OS X 10.4.x does not natively provide PKINIT, so your only available solution for this is to use ADmitMac for CAC (AFC) from Thursby Software Solutions. AFC also provides the SMB Packet Signing services that are currently needed by some who authentication against AD Domains enabled for HISEC.
- Shawn
___________________________________________ Shawn Geddis Security Consulting Engineer Apple Enterprise Division (Public & Private Sector)
|
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden