On Apr 24, 2008, at 12:25 PM, J. Keith Putnam wrote: Mac OS does not integrate with CAC authentication to AD, the automated software updates, virus updates, etc. that are involved in the accreditation package that is being built here.
Keith,
To be clear, folks need to understand the terms being used and how that impacts what services are required.
Keeping this overly simplified....
"CAC Authentication to AD" * Mac OS X 10.4 / 10.5 has built in support to *Authenticate* to Various Directory Services like AD, OD, LDAP, etc.
* What you are actually looking for is: "Single-Sign On (SSO) to AD with a Smart Card" - SSO requires PKINIT -- X.509-based authentication AND Initialization of Kerberos Session (TGT)
- PKINT for "User Login" is lacking in Mac OS X 10.4 / 10.5
"SSO to AD with Smart Cards" There are two products that you should be looking at. Both provide the needed PKINT as well as several others servers several are looking for:
Thursby's ADmitMac for CAC (AFC)
Centrify DirectControl for Mac OS X
- Shawn _____________________________________________________ Shawn Geddis Security Consulting Engineer Apple Enterprise
|