Re: [Fed-Talk] [Discussion] (4) Support Smart Card "Types" on Mac OS X 10.5
Re: [Fed-Talk] [Discussion] (4) Support Smart Card "Types" on Mac OS X 10.5
- Subject: Re: [Fed-Talk] [Discussion] (4) Support Smart Card "Types" on Mac OS X 10.5
- From: "Shawn A. Geddis" <email@hidden>
- Date: Mon, 7 Jul 2008 17:10:09 -0400
Just to be technically correct....
The line:
802.X
Should be
On Jul 7, 2008, at 4:54 PM, Shawn A. Geddis wrote: (4) Supported Smart Card Types
Many of you who are new to Smart Cards on Mac OS X will want to review this carefully.
Customers Impacted: Any Smart Card Users on Mac OS X 10.5
Platform(s) Affected: Mac OS X 10.5
Service(s) Affected: Smart Card use with: Login FileVault
Screen Saver Unlock System Admin VPN (L2TP / PPTP)
802.X
S/MIME (Apple Mail & MS Entourage)
SSL/TLS (Safari - Web & SSL VPN)
Built-in Support: Smart Card Services built into Mac OS X 10.5 provide for a wide range support for various Smart Cards. Each Smart Card either contains a Java Applet or File-based OS on the card. Physical Smart Card Reader support is done through the PCSC and driver architecture while the Smart Card "Types" support is provided through Tokend bundles.
Pre-shipped Tokend modules: /System/Library/Security/tokend/
Tokend Module Name Smart Card Specification
BELPIC.tokend - Belgian National ID
CAC.tokend - US DoD Common Access Card JPKI.tokend - Japanese PKI Card
PIV.tokend - US Federal Personal Identity Verification
(*NOTE* ALL but PIV were also supported on 10.4.x)
If the Smart Card you were issued does not meet any of the above noted specifications then you would need to acquire the corresponding Token module from the vendor/manufacturer of the Card/Applet. Many of the Smart Card vendors do in fact have tokend support, but do not note it on their websites yet. It is best to contact the vendor directly to enquire about the availability. If the vendor is interested in providing support, but does not yet do so, please have them Contact Shawn Geddis < email@hidden> directly.
This was covered in my WWDC 2007 Presentation:
506-Integrating SmartCard Solutions into Leopard
This was also covered in my WWDC 2006 Presentation:
527-SmartCards and other Two-Factor Authentication Solutions
Eventually, this all will be accessible directly from the top of my .Mac web page, so keep this bookmarked: http://web.mac.com/geddis/
_____________________________________________________ Shawn Geddis Security Consulting Engineer Apple Enterprise
|
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden