Re: [Fed-Talk] MS Mac Office 2008 and CAC-enabled WebMail
Re: [Fed-Talk] MS Mac Office 2008 and CAC-enabled WebMail
- Subject: Re: [Fed-Talk] MS Mac Office 2008 and CAC-enabled WebMail
- From: Boyd Fletcher <email@hidden>
- Date: Mon, 07 Jan 2008 10:42:25 -0500
- Thread-topic: [Fed-Talk] MS Mac Office 2008 and CAC-enabled WebMail
safari works fine once Apples fixes the SCR-331/Oberthur issue in Leopard.
I think the simple solution is for MS Entourage 2008 to just prompt for the
CAC if it is connecting over HTTPS and the server requests the certificate.
this would be the correct behavior.
I guess I will have to wait until next week to try it. :)
boyd
On 1/7/08 9:22 AM, "Timothy J. Miller" <email@hidden> wrote:
>
> On Jan 4, 2008, at 3:01 PM, Boyd Fletcher wrote:
>
>> that¹s a real bummer. So we can¹t use Entourage 2008 to access
>> DOD¹s externally facing webmail servers that require CAC
>> authentication. I was hoping they used Apple¹s TLS infrastructure
>> which supports CAC.
>
> Should work fine in Safari. :)
>
> CAC authN to OWA through Entourage uses Microsoft's RPC/HTTPS
> protocol. However, the Windows RPC/HTTPS stack only supports NTLMv2
> or Kerberos authN, not PKI authN (this continues to be true in Vista
> and Server 2008, BTW). If you were to look at the RPC/HTTPS protocol
> from an external Outlook client you'd see it using NTLMv2 cached
> credentials. If you could get cached creds on OS X (Paul, does
> ADmitMAC f/CAC support cached creds?) it should then work with
> Entourage (assuming Entourage can wield cached creds on OS X).
>
> This also presumes that the RPC/HTTPS connector is turned on in your
> OWA implementation, which is not guaranteed.
>
> -- Tim
>
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden